3 matches found
Input validation
The web portal interface in Citrix Access Gateway aka Citrix Advanced Access Control before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or...
CVE-2006-6572
Unspecified vulnerability in Citrix Advanced Access Control AAC Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a differen...
CVE-2006-6572
Citrix Access Gateway AAC 4.2 with LDAP enabled is affected by an LDAP authentication bypass vulnerability. A remote attacker may authenticate without valid credentials. Citrix provides a hotfix (CTX110950) and recommends not enabling LDAP authentication as mitigation.