In association with heise online

19 September 2006, 08:58

Citrix patches critical hole in Access Gateway

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in Citrix Access Gateway opens a hole for attackers to log in without proper registration information and hence to achieve unauthorised access to applications or resources. Citrix Access Gateway is an SSL-VPN solution for connecting mobile and remote users.

According to the manufacturer, the problem arises in the interaction between the Advanced Access Control (AAC) and the LDAP authentication. Citrix declined to provide more details on the problem, but did classify it as critical. The flaw does not arise in situations where AAC is implemented without LDAP. AAC 4.2 is affected, although a hot fix is available to correct the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit