Vulnerabilities in Citrix Presentation Server and Access Gateway
Citrix warns that its Access Gateway may allow unauthorized users to access network components. Citrix has also discovered flaws in its Presentation Server that reduce the effectiveness of the server's encryption and allow users to obtain a desktop session without proper authorization.
Presentation Server may not provide sufficient encryption when SecureICA or ICA Basic is used as the encryption protocol, although SSL and TLS encryption still work. The Citrix advisories do not provide any further details of the flaws; the vendor merely lists the vulnerable versions and provides links to software updates. The Access Gateway vulnerability affects only the Standard and Advanced Editions; the Enterprise Edition is not affected. The company advises users of the software to install the provided updates as soon as possible.
- Vulnerability in Access Gateway Standard Edition and Advanced Edition appliance firmware could result in authentication bypass, Citrix security advisory
- Vulnerability in Citrix Presentation Server could result in cryptographic settings not being correctly enforced, Citrix security advisory
- Vulnerability in Citrix Presentation Server could allow authenticated users to gain unauthorized access to a desktop session, Citrix security advisory