[原文]The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
MetaFrame Password Manager contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to application passwords which are stored encoded. This condition occures when the application passwords are entered immediately after the First Time Use Wizard and if no sync point has been defined for production configurations, which may lead to a loss of confidentiality and integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Citrix has released a patch to address this vulnerability.