Citrix Access Gateway Advanced Access Control Authentication Bypass
Monday, 18 September 2006 by Michel Roth
A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by an error in the LDAP authentication. This can be exploited to bypass the authentication process and log in without providing any user credentials.

Successful exploitation requires that the Advanced Access Control option is set to use LDAP authentication.

The vulnerability has been reported in Citrix Access Gateway deployed with Advanced Access Control 4.2. Other versions may also be affected.

Read the full advisory here.
