Citrix Workspace App Vulnerable to Privilege Escalation Attacks - eviltoast
  • superkret@feddit.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 months ago

    We’ve been dealing with this shit for the past 3 days.
    How the fuck do you even create a security hole that lets unprivileged users accessing a client app get SYSTEM rights to the server?
    Didn’t even know that was technically possible even if you tried to program it.

    Oh well, at least we’ll have an up-to-date client device inventory and no more BYOD shenanigans at the end of it.

      • superkret@feddit.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        2 months ago

        I wish we could get rid of Citrix yesterday, but:

        1. We’ve got our hands full till next year with a physical relocation of the business, migration to M365, replacement of all servers and storage, and getting the fuck away from VMWare
        2. I was technically hired as a Citrix Admin (despite never having heard of the software before), so replacing it might put my job in jeopardy.
      • Zorsith@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 months ago

        Got any links about the hidden server aspect of Citrix? I’d love to read more (I’d google it but these days Google is just… gestures vaguely

    • m-p{3}@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      security hole that lets unprivileged users accessing a client app get SYSTEM rights to the server

      wtf 🤣

  • superkret@feddit.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 months ago

    On a side note, this non-descript general advice at the end of the article “The discovery of these vulnerabilities in the Citrix Workspace app for Windows underscores the importance of maintaining robust cybersecurity measures.” is obvious LLM speech.
    And the fact that nowadays, running a CVD through ChatGPT and publishing the results is a thing people do fucking triggers me.

  • CaptObvious@literature.cafe
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 months ago

    I haven’t let Citrix maleare onto any device I own in decades, since finding that it wasn’t possible to remove their server from a Mac by normal means (it required using terminal to shut down and remove each process individually). I honestly wasn’t aware that anyone outside a particular obscure state agency in Kentucky still uses them.