Citrix · Citrix Receiver Desktop Lock · CVE-2016-9111
**Name of the Vulnerable Software and Affected Versions**
Citrix Receiver Desktop Lock version 4.5
**Description**
The issue concerns incorrect access control mechanisms, potentially allowing an attacker to bypass authentication requirements. This could be achieved by leveraging physical access to a Virtual Desktop Infrastructure (VDI) and temporarily disconnecting a LAN cable. It's noted that the vendor was unable to reproduce the issue despite extensive investigation.
**Recommendations**
For Citrix Receiver Desktop Lock version 4.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.