Impact of Citrix SSO storing sensitive information in user-level process memory

Citrix is aware of recent tweets about a new mimikatz module that claims to be able to retrieve passwords that Citrix single sign-on (SSON) stores in user-level process memory.

Citrix has determined that these claims relate only to users of Citrix Workspace app for Windows who have SSON enabled on a domain-registered device. The reports do not relate to customers who are not using SSON on a domain-registered device, or to customers using versions other than Citrix Workspace app for Windows.

Citrix has released updated versions of Citrix Workspace app for Windows with enhancements that protect standard users against password theft from user-level process memory that does not require admin-level privileges.

The updated versions of Citrix Workspace app for Windows are available at:

Citrix also recommends that customers consider using Windows AppLocker and/or only running trusted software on their systems to reduce any potential risk.
