Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum


PoC Published Regarding Citrix Bug:

0 Replies, 1026 Views

[Image: 1*TYAzzTJ60x-qg5N81ElU9A.png]

             A public proof-of-concept has finally been published in regards to the Citrix bug, a bug that has quite a large sector of the private and infosec community abuzz, as its modus operandi is allowing hackers access to devices which in turn will allow them access to the main internal network. 

     The vulnerability is a path traversal bug, which can be utilized by an attacker remotely. No authentication credentials are required by the attacker when its attacking a device, all they need do is send a rigged request to the Citrix device, along with the code they plan to intend to execute on said device. 

     The biggest problem with this, is that Citrix sent out an advisory in December, its now about mid January and there is still no patch. While the number of scans has increased steadily, officials at Citrix have assured its users that the actual threat is minimal. Stating that without a public exploit, not many attackers will get very far. 

     That all changed with the PoC, and even a second one followed it, that was published by a different firm. The whole issue with Citrix, and the main vulnerability, and how they intend to mitigate the whole situation is still on-going. 

     Original article can be found here.

     That was the news folks, have a good day, and stay safe out there.


01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Thumbs Up News Citrix Bugs Allow Unauthenticated Code Injection, Data Theft Mr.Kurd 1 1,459 07-15-2020, 12:28 AM
Last Post: EthelCrife
  News Hacking Forum Robbed of User Data: Found Published on Rival Site Mad-Architect 0 1,229 06-24-2019, 10:47 AM
Last Post: Mad-Architect
  News Zero-Day For Windows-10 Published on GitHub: Mad-Architect 0 1,203 06-07-2019, 12:55 PM
Last Post: Mad-Architect
  News Report Published About North Korean Malware Mad-Architect 0 1,247 05-12-2019, 10:12 AM
Last Post: Mad-Architect
  News FBI Informed Software Giant Citrix of a Security Breach Mad-Architect 0 1,174 03-09-2019, 11:57 AM
Last Post: Mad-Architect

Users browsing this thread: 5 Guest(s)