Security Researcher Warns About Citrix Vulnerability - Hans Straat - BrianMadden.com

Security Researcher Warns About Citrix Vulnerability

Written on Oct 11 2007 956 views, 3 comments


by Hans Straat

InformationWeek posted an article about a vulnerability in Citrix where they use the Citrix client as a point to attack, so...

Read the complete post at http://www.datacrash.net/content/view/431/40/

 
 





Comments

Guest wrote The details are sketchy
on Thu, Oct 11 2007 9:53 PM
This article was also posted in eWeek - but if you look at the detail you will see that the problem is a CPS server sitting directly on the internet with no security. More of an implementation issue than a CPS issue.
Guest wrote Re: The details are sketchy
on Thu, Oct 11 2007 10:30 PM
Have to agree, that looks more like someone who doesn't know what they are doing at implementation rather than technical problems with Citrix.
Guest wrote Re: Re: The details are sketchy
on Fri, Oct 12 2007 3:42 PM
The sad thing is that a manager level will read this article and immediately panic thinking that their Citrix environment is not secure. Anyone with any network savvy will see that this is not a Citrix issue.
hans straat wrote user is still the biggest security risk
on Tue, Oct 16 2007 8:01 AM
As I said in my comments on the article and on the Dutch site tweakers.net, the biggest risk is still the user. This is not a bug; they simply use the ICA client to gain access to an environment. You still need user credentials to log on to such an environment, and most environments don't have FTP or TFTP open, only port 80 for internet browsing.
