1000’s Of Lazy Admins Helping To Feed Citrix Bleed

Source: The Register

When They Said Kill All Active And Persistent Sessions They Weren’t Kidding

Yes, there is always that user or app working on critical applications with no clue what their password is, because they depend on persistent Citrix sessions. Sure, they can kick up a storm when forced to either find the Post-It they wrote the password on or go through the official password reset process, but that pain is nothing compared to the damage an attacker with valid credentials to your network can inflict. The patches are only the first step; you need to ensure new tokens are created after the patch, or else those old tokens could still be used to gain access to your systems.

It has been over 20 days since the notification and patch were released, yet one security researcher found over 5000 unpatched machines. The worse news is the detection of around 20,000 exploited servers, which may or may not have been patched but definitely didn’t clear their sessions. As there are well over 100 IP addresses actively searching for vulnerable servers, this attack is still very much underway. Be careful out there!

The vulnerability allows attackers to access a device's memory, and in that RAM find session tokens that miscreants can then extract and use to impersonate an authenticated user. Thus even if the hole is patched, copied tokens will remain valid unless further steps are taken.
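A post-patch check for the point above, as an added example that is not from the original article or from Citrix: it lists every session whose token could predate the patch and therefore still needs to be killed. The CSV export format, column names, session records and patch time are all constructed assumptions for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_EXPORT = """session_id,user,created_utc,persistent
s-001,alice,2023-10-09T08:15:00Z,yes
s-002,svc-billing,2023-09-30T23:50:00Z,yes
s-003,bob,2023-10-11T09:05:00Z,no
s-004,carol,,no
s-005,dave,not-a-date,yes
"""


def parse_utc(value):
    """Return an aware UTC datetime, or None if the value is missing or malformed."""
    try:
        return datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (ValueError, AttributeError):
        return None


def sessions_to_kill(export_text, patched_at):
    """List (session_id, user, reason) for every session whose token may predate the patch."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        created = parse_utc(row.get("created_utc"))
        if created is None:
            # Fail closed: an unknown start time cannot be shown to be post-patch.
            reason = "unknown start time"
        elif created <= patched_at:
            reason = "token issued before patch"
        else:
            continue  # session was created after the patch, so its token is new
        if (row.get("persistent") or "").strip().lower() == "yes":
            reason += " (persistent)"
        findings.append((row["session_id"], row["user"], reason))
    return findings


if __name__ == "__main__":
    patched_at = datetime(2023, 10, 10, 18, 0, tzinfo=timezone.utc)  # constructed patch time
    for sid, user, reason in sessions_to_kill(SAMPLE_EXPORT, patched_at):
        print(f"{sid}\t{user}\t{reason}")
```

An empty result after remediation is the goal: any row still listed represents a token that existed while the device was vulnerable.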

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.