Current affairs / News

Hoffmann BV

Hoffmann Forensic detects security leak in Citrix

During a security audit, our employees, specialists in digital investigations, detected a security leak in Citrix. Citrix provides terminal-based computing solutions and has more than 50 million users worldwide. With Citrix, users are able to work remotely on a central server.
During our investigation, our specialists discovered a functionality in Citrix that appeared to entail considerable risks. At user level, it appeared relatively simple to modify an ‘.ini file’ and its settings locally in such a way that, from that moment on, a key-logging functionality became active on the terminal involved. From then on, a malicious user would be able to record and read back all the keystrokes (login details) of another user.
It would, for example, be possible for the user to have the system administrator log in, under some pretext, on a terminal that had been manipulated. The unwitting system administrator then enters his login details, and after he leaves, the malicious user has the system administrator's user name and password at his disposal. With the system administrator's login details, he is then able to carry out unauthorized activities and has unlimited access to sensitive data.

For more detailed information, please refer to the Analysis.
Tel +31 (0)36 52 33 000
© Hoffmann BV 2012