The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent malicious users to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citrix access gateway 4.2 |
||
citrix access gateway 4.5 |
||
citrix access gateway 4.0 |