Citrix published security patches to fix a critical authentication bypass issue in Citrix ADC and Citrix Gateway. It is advised that impacted users of Citrix ADC and Citrix Gateway install the relevantly updated versions of those products as early as possible.
Citrix Gateway is a commonly used cloud-based or on-premises business server SSL VPN service that offers secure remote access with identity and access management capabilities.
For enterprise-deployed cloud applications, Citrix ADC is a load-balancing solution that guarantees continuous availability and the best performance.
“Note that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue, which is rated as a Critical severity vulnerability”, reads the Citrix security bulletin.
The company fixed three vulnerabilities overall. The three flaws can allow attackers to bypass…