
Preface: Many companies, especially law firms and financial institutions, choose Citrix thin client functions. The decision seems correct, because the feature set looks perfect: for example, TCP offloading and network security protection. However, to cope with the demanding digital technology market, they have become involved in some technologies and zones that will be of interest to hackers.
Highlight: Design weaknesses in specific products:
1. Citrix Gateway Plug-in for Windows: If exploited, could result in a local user escalating their privilege level to SYSTEM.
Design weakness: While the service is running, it executes a PowerShell script as SYSTEM every five minutes. To exploit this vulnerability, an attacker could create a malicious file, name it powershell.exe and copy it to every directory they have access to. This would allow them to achieve elevation of privileges on systems running the Citrix Gateway Plug-in for Windows.
2. Starting 1st Oct 2020, ADC MPX and SDX will use the serial number of the appliance as the password.
Official announcement: Citrix Gateway Plug-in for Windows Security Update – https://support.citrix.com/article/CTX282684
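
A defensive sweep for the condition described in item 1, as an added example that is not from Citrix or the original post: it lists every powershell.exe found outside the directories where Windows ships it, with owner, signature status and hash for triage. The function name `Find-RoguePowerShell` and the allowlist of trusted directories are assumptions of this example.

```powershell
# Added example (not Citrix code): find planted copies of powershell.exe.
# Assumption: legitimate copies live only in the directories listed in $trusted.
function Find-RoguePowerShell {
    param(
        # Directory trees to sweep; defaults to the system drive.
        [string[]]$Root = @("$env:SystemDrive\")
    )

    $trusted = @(
        (Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0'),
        (Join-Path $env:SystemRoot 'SysWOW64\WindowsPowerShell\v1.0'),
        (Join-Path $env:SystemRoot 'WinSxS')   # servicing copies
    )

    Get-ChildItem -Path $Root -Filter 'powershell.exe' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        Where-Object {
            # Keep only files whose directory is not a trusted one (or below it).
            $dir = $_.DirectoryName
            -not ($trusted | Where-Object {
                $dir -eq $_ -or
                $dir.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
            })
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path       = $_.FullName
                CreatedUtc = $_.CreationTimeUtc
                Owner      = (Get-Acl -LiteralPath $_.FullName).Owner
                Signature  = $sig.Status                     # e.g. NotSigned
                Signer     = $sig.SignerCertificate.Subject  # $null if unsigned
                SHA256     = (Get-FileHash -LiteralPath $_.FullName `
                                           -Algorithm SHA256).Hash
            }
        }
}

# Run from an elevated prompt so protected directories are readable.
Find-RoguePowerShell | Sort-Object CreatedUtc | Format-List
```

Any hit owned by a non-administrative account or lacking a valid signature deserves a closer look on hosts running the plug-in.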