SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Citrix Access Gateway Vendors:   Citrix
Citrix Access Gateway Lets Remote Users Bypass Authentication
SecurityTracker Alert ID:  1020025
SecurityTracker URL:  http://securitytracker.com/id/1020025
CVE Reference:   CVE-2008-2528   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  May 15 2008
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Standard Edition 4.5.7 and prior versions, Advanced Edition 4.5 HF2 and prior versions
Description:   A vulnerability was reported in Citrix Access Gateway. A remote user can bypass authentication.

A remote user can bypass authentication to access hosts and resources on the target network.

The Standard Edition and Advanced Edition models are affected.

The Access Gateway appliance in Access Gateway or Secure Gateway modes is not affected.

Access Gateway Enterprise Edition is not affected.

Impact:   A remote user can bypass authentication to access hosts and resources on the target network.
Solution:   The vendor has issued a fixed version (4.5.7 Rev A), available at:

http://support.citrix.com/article/CTX116762

A patch for versions 4.5.5, 4.5.6, and 4.5.7 is available at:

http://support.citrix.com/article/CTX117001

The vendor's advisory is available at:

http://support.citrix.com/article/CTX116930

Vendor URL:  support.citrix.com/article/CTX116930 (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC