[THIN] KB ALERT: CTX110950 - LDAP authentication vulnerability in Access Gateway Advanced Access Control

  • From: "Jim Kenzig http://ThinHelp.com" <jkenzig@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 18 Sep 2006 08:50:57 -0700 (PDT)

CTX110950 - LDAP authentication vulnerability in Access Gateway Advanced Access 
Control 
  This document was published at: http://support.citrix.com/article/CTX110950 
  Document ID: CTX110950, Created on: Sep 15, 2006, Updated: Sep 15, 2006
  Products: Advanced Access Control 4.2
  Severity: High
  Description of Problem
  If the Advanced Access Control option (AAC) of Access Gateway is configured 
to use LDAP authentication, then it is possible for a user to log on without 
supplying valid credentials.
  This vulnerability only affects AAC Version 4.2 deployments that are using 
LDAP authentication; Access Gateway deployments that do not include AAC are not 
vulnerable to this issue.
  What Customers Should Do
  This vulnerability is addressed by hotfix AAC420W004. Citrix recommends that 
any customers using AAC 4.2 with LDAP authentication install this hotfix. The 
hotfix can be downloaded from the following location: 
  http://support.citrix.com/article/CTX110439
  What Citrix Is Doing 
  Citrix is proactively notifying customers and channel partners about this 
potential security issue. An article containing the information in this 
bulletin is available from the Citrix Knowledge Base at 
http://support.citrix.com/. 
  Obtaining Support on this Issue
  If you require technical assistance with this issue, please contact Citrix 
Technical Support. Information for contacting Citrix Technical Support is 
available at http://support.citrix.com/. 
  Reporting Security Vulnerabilities to Citrix
  Citrix welcomes input regarding the security of its products and considers 
any and all potential vulnerabilities very seriously. If you would like to 
report a security issue to Citrix, please compose an e-mail to 
secure@xxxxxxxxxx containing the exact version of the product in which the 
vulnerability was found and steps to reproduce the vulnerability.



Jim Kenzig 
    Microsoft MVP - Terminal Services
  Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com

    Terminal Services Downloads: http://www.thinhelp.com



   
