Thread-topic: [SA21941] Citrix Access Gateway Advanced Access Control Authentication Bypass
> Citrix Access Gateway Advanced Access Control Authentication Bypass
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Moderately critical
> Security Bypass
> From remote
> Citrix Access Gateway 4.x
> A vulnerability has been reported in Citrix Access Gateway, which can
> be exploited by malicious people to bypass certain security
> The vulnerability is caused due to an error in the LDAP
> authentication. This can be exploited to bypass the authentication
> process and login without providing any user credentials.
> Successful exploitation requires that the Advanced Access Control
> option is set to use LDAP authentication.
> The vulnerability has been reported in Citrix Access Gateway deployed
> with Advanced Access Control 4.2. Other versions may also be affected.
> Apply hotfix AAC420W004.
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> ORIGINAL ADVISORY: