Release date:
Updated on:
Affected Systems:
Citrix VDI-In-A-Box <5.4.3
Citrix VDI-In-A-Box <5.3.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67687
CVE (CAN) ID: CVE-2014-3780
Citrix VDI-In-A-Box is an enterprise-class virtual desktop infrastructure software device.
The authentication bypass vulnerability exists In versions earlier than Citrix VDI-In-A-Box 5.3.7 and 5.4.3. Successful exploitation of this vulnerability allows attackers to bypass authentication and gain access to VDI instances.
<* Source: Citrix (http://www.citrix.com /)
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Citrix
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.citrix.com/article/CTX140779
Version 5.4.4: https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-54
Version 5.3.8: https://www.citrix.com/downloads/vdi-in-a-box/product-software/vdi-in-a-box-53
This article permanently updates the link address: