A significant authentication bypass problem in the application delivery controller (ADC) and Gateway products, which could be used to take over vulnerable systems, has been fixed by Citrix through the deployment of security upgrades. Customers relying on cloud services directly controlled by Citrix are not obliged to take any action, according to the cloud computing and virtualization technology provider.
A successful exploitation of the flaws could, in certain settings, allow an adversary to defeat login brute-force protections, take control of a remote desktop, and get authorised access.