Cisco Bug: CSCut12513 - ASA allows citrix ICA connection without authentication

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(5)

Description (partial)

Symptom:
The Cisco ASA Clientless SSL VPN integration with Citrix downloads a .ica file from the Citrix server and serves it to the client.
The .ica file includes a session token used to connect to the Citrix server.

This file is stored on the client PC and is deleted by the Citrix client once the session with Citrix is terminated.

If this file is copied to a different machine, it can be reused to connect to the Citrix server via the Clientless SSL VPN feature without requiring authentication, as long as the session of the user who initially authenticated to the Clientless SSL VPN Portal is still active.

Conditions:
The file must be copied from the initial PC, and the authenticated user's session must still be active.