Authentication Bypass in Citrix Receiver Desktop Lock 4.5
CVE-2016-9111

6.8 MEDIUM

Key Information:

Vendor: Citrix
CVE Published: 7 November 2016

Summary

Citrix Receiver Desktop Lock 4.5 contains an access control issue that can potentially allow attackers to bypass authentication through physical access methods. Specifically, when an attacker temporarily disconnects the LAN cable from a Virtual Desktop Infrastructure (VDI), they may gain unauthorized entry. Although the vendor has stated that they were unable to reproduce the issue during their investigation, it's crucial for organizations using this software to assess the potential risks and implement additional security measures to safeguard their environments.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
