Re: Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Read Time:21 Second

Posted by Jeffrey Walton on Jul 19

There’s also https://en.wikipedia.org/wiki/Session_hijacking#Prevention

One thing Jim Manico of OWASP recommends is to (re)prompt the user for
their password on occasion, like when performing a high value
operation. That will effectively re-authenticate a user before a high
value operation. Attackers with a cookie but without the user’s
password should fail the re-authentication challenge.

Jeff

mingw-LibRaw-0.21.4-1.fc41

FEDORA-2025-e7dea91428 Packages in this update: mingw-LibRaw-0.21.4-1.fc41 Update description: Update to LibRaw 0.21.4. Read More

April 21, 2025

mingw-LibRaw-0.21.4-1.fc40

FEDORA-2025-32a9eb17af Packages in this update: mingw-LibRaw-0.21.4-1.fc40 Update description: Update to LibRaw 0.21.4. Read More

April 21, 2025

mingw-LibRaw-0.21.4-1.fc42

FEDORA-2025-caed275f11 Packages in this update: mingw-LibRaw-0.21.4-1.fc42 Update description: Update to LibRaw 0.21.4. Read More

April 21, 2025

workrave-1.10.53-1.el8

FEDORA-EPEL-2025-93f69f60e4 Packages in this update: workrave-1.10.53-1.el8 Update description: Fixing CVE-2023-2142 Read More

April 20, 2025

DSA-5906-1 erlang – security update

Several vulnerabilities were discovered in the Erlang/OTP implementation of the SSH protocol, which may result in denial of service or...

April 20, 2025

caddy-2.10.0-1.fc42

FEDORA-2025-4518c12e2f Packages in this update: caddy-2.10.0-1.fc42 Update description: Update to version 2.10.0. Aside from the new upstream features, this update...

April 19, 2025

Friday Squid Blogging: Live Colossal Squid Filmed

Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

Re: Citrix Gateway & Cloud MFA – Insufficient Session Validation Vulnerability

mingw-LibRaw-0.21.4-1.fc41

mingw-LibRaw-0.21.4-1.fc40

mingw-LibRaw-0.21.4-1.fc42

workrave-1.10.53-1.el8

DSA-5906-1 erlang – security update

caddy-2.10.0-1.fc42