Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Citrix Fixes XenMobile Vulnerability Found by Positive Technologies

MobileNewsSecurity
By AIT News Desk

Positive Technologies expert Andrey Medov has discovered a vulnerability in Citrix XenMobile enterprise mobility management solution. When following a specially crafted URL, attackers could read arbitrary files outside the web server root directory, including configuration files and encryption keys for sensitive data. To exploit the vulnerability, no authorization was needed.

The vulnerability discovered in the Citrix XenMobile Server component was assigned the identifier CVE-2020-8209. The flaw is related to Path Traversal and is a result of insufficient input validation.

Recommended AI News: NextRoll Announces 5x Increase in Profitability, Product-Led Growth, and Names Robin Bordoli as CEO

Positive Technologies expert Andrey Medov explained: “Exploitation of this vulnerability allows hackers to obtain information that can be useful for breaching the perimeter, as the configuration file often stores domain account credentials for LDAP access.[1] With access to the domain account, a remote attacker can use the obtained data for authentication on other external company resources, including corporate mail, VPN, and web applications. Worse still, an attacker who has managed to read the configuration file can access sensitive data, such as database password (local PostgreSQL by default and a remote SQL Server database in some cases). However, taking into account that the database is stored inside the corporate perimeter and cannot be accessed from the outside, this attack vector can only be used in complex attacks, for example, with the involvement of an insider accomplice.”

Related Posts

From Innovation to Infiltration: The New Cyber Threat Landscape

Lightning AI Raises $50Million to Simplify and Scale AI Development For Enterprises and Developers

Teach Mode Is Here: rabbit Gives Consumers Power to Create Custom AI Agents

1 of 40,644

Recommended AI News: Anglepoint Named a Leader in New Gartner Magic Quadrant for SAM Managed Services

The vulnerability affects Citrix XenMobile versions from 10.8 to 10.12. Citrix has released an updated product version and is urging users to install it as soon as possible.

About Positive Technologies: For 18 years, Positive Technologies has created innovative solutions for information security. We develop products and services to detect, verify, and neutralize the real-world business risks associated with corporate IT infrastructure.

Recommended AI News: Human Times Shares New HR Media Intelligence Tool With Josh Bersin Academy Members

AIT News Desk

AIT News Desk is a trained group of web journalists and reporters who collect news from all over the technology landscape. The technical space includes advanced technologies related to AI, ML, ITops, Cloud Security, Privacy and Security, Cyberthreat intelligence, Space, Big data and Analytics, Blockchain and Crypto.
To connect, please write to AiT Analyst at news@martechseries.com.

You might also like More from author

Comments are closed, but trackbacks and pingbacks are open.