Citrix patches XenMobile vulnerability
Positive Technologies spots serious flaw in Citrix XenMobile


Citrix has issued a patch for XenMobile, after a security researcher at Positive Technologies spotted a vulnerability in the enterprise mobility management system.
According to researcher Andrey Medov, the flaw in the server component could let attackers read files, including configuration files and encryption keys.
"Exploitation of this vulnerability allows hackers to obtain information that can be useful for breaching the perimeter, as the configuration file often stores domain account credentials for LDAP access," explained Medov, referring to Lightweight Directory Access Protocol servers, which are mainly used for central storage of accounts.
"With access to the domain account, a remote attacker can use the obtained data for authentication on other external company resources, including corporate mail, VPN, and web applications."
Medov adds: "Worse still, an attacker who has managed to read the configuration file can access sensitive data, such as database passwords — local PostgreSQL by default and a remote SQL Server database in some cases."
There's no reason to panic, though, as victims would need to follow a malicious link first and the attacker would need some physical access. "However, taking into account that the database is stored inside the corporate perimeter and cannot be accessed from the outside, this attack vector can only be used in complex attacks, for example, with the involvement of an insider accomplice," Medov explained.
The vulnerability is in versions 10.8 to 10.12 of Citrix XenMobile, also called Citrix Endpoint Management, but not in the cloud versions of the system. If your system is at risk, the company is urging users to update their software. The level of risk depends on the version, with Citrix advising some to update immediately, while advising others they can update as part of their regular patching schedule.
The patch addresses the flaw spotted by Medov as well as a handful of related vulnerabilities reported by Glyn Wintle of Tradecraft and Kristian Bremberg of Detectify, Citrix said.
Last year, Positive Technologies spotted a critical vulnerability in Citrix software that affected 80,000 companies, but a survey six weeks later revealed one in five of those companies still hadn't patched the flaw.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.