citrix-bleed
Safeguard articles tagged "citrix-bleed" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Citrix Bleed (CVE-2023-4966) Explained: Leaking Session Tokens Straight Past MFA
CVE-2023-4966, Citrix Bleed, let unauthenticated attackers read memory from NetScaler appliances and steal valid session tokens — hijacking sessions and bypassing multi-factor authentication.
Citrix Bleed 2 Implications: What CVE-2024-6235 Means for NetScaler Operators
CVE-2024-6235 was the followup to the original Citrix Bleed and exposed sensitive data from NetScaler ADC and Gateway appliances. The technical details and what changes.
Xfinity Breach via Citrix Bleed Exposes 35.9 Million Customers
In December 2023, Comcast's Xfinity division disclosed that attackers exploiting the Citrix Bleed vulnerability had accessed personal data of 35.9 million customers, including usernames, hashed passwords, and partial Social Security numbers.
Citrix Bleed CVE-2023-4966: Session Token Theft That Bypassed Every Authentication Control
Citrix Bleed allowed attackers to steal session tokens from NetScaler ADC, bypassing MFA and all authentication controls. LockBit ransomware used it to devastating effect.