PT-2019-18470 · Citrix · Citrix Sharefile

Published

2019-05-13

Updated

2019-07-09

CVE-2019-7218

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Citrix ShareFile versions prior to 19.23

Description The issue allows an attacker to downgrade from two-factor authentication to one-factor authentication. If an attacker has access to the victim's OTP physical token or virtual app, such as Google Authenticator, they can bypass the first authentication phase, which requires a username and password, and log in using only the username and OTP combination.

Recommendations For versions prior to 19.23, update to version 19.23 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources that use two-factor authentication until the update can be applied.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-7218

Affected Products

Citrix Sharefile

PT-2019-18470 · Citrix · Citrix Sharefile

CVE-2019-7218

Weakness Enumeration

Related Identifiers

Affected Products

References · 3