HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops. The exploit, discovered by watchTowr, can be carried out using only an HTTP request, handing an attacker system privileges on the vendor's …

  1. Anonymous Coward

    We've lost a little more faith in the internet

    That's rather like saying that we've lost faith in windows because leaving them unguarded and accessible on city streets is an invitation to miscreants. We're simply more careful about how we deploy them.

    Other arguments may apply for different capitalisations of 'windows'.

  2. Anonymous Coward

    Add some drama

    Bug is awful and should have been avoided with some code security review.

    No doubts on this.

    But the situation is not so dramatic. What is vulnerable is the Session Recording service, not the Citrix VDA.

    Easy to patch. Less dramatic.

    Using PoC code you can get into Session Recording Server (which is bad), but you cannot get into the VDA (Citrix workloads, where the users connect).

    Again, this is bad. But not that bad.

  3. pc-fluesterer.info
    WTF?

    "we've lost a little more faith in the internet"

    s/the internet/Citrix/
