Suspicious access to configuration files in Citrix Command Center Description   Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. No access control is enforced on this folder, an unauthenticated attacker can download any configuration file stored in this folder.       Default configuration   Profiles High Medium Low Internet Action Pass Pass Pass Pass Alarm Level Minor Ignore Ignore Minor       References   URL: https://www.securify.nl/advisory/SFY20140802/citrix_command_center_allows_downloading_of_configuration_files.html       Available since   ASQ v5.0.0       Protects   Citrix Command Center Multiple Vulnerabilities 100 last CVE   CVE-2015-2683 CVE-2015-2682    Risk level  Moderate