2 matches found
CVE-2019-7217
Summary: CVE-2019-7217 affects Citrix ShareFile prior to version 19.12, enabling user enumeration through OTP-check endpoints without authentication. Affected component appears to be the authentication/OTP verification flow, where server responses disclose whether a given username exists. The cit...
CVE-2019-7218
Citrix ShareFile vulnerable to a downgrade of authentication from two-factor to one-factor for versions before 19.23. An attacker who has access to the victim’s OTP token or authenticator app could bypass the username/password step and log in with username/OTP only. The issue affects the 2FA logi...