The Vulnerability Lab research team discovered a simple but effective insufficient session validation vulnerability that can be exploited to bypass the MFA login authentication process on Citrix ADC/NetScaler v13.0 & v13.1, Citrix Gateway/NetScaler Gateway v13.0 & v13.1, and the Citrix Cloud Services website. The vulnerability allows remote attackers to bypass the MFA function by hijacking the session data of an active user (non-expired session) to follow up with further compromising attack