Cisco Bug: CSCut12513 - ASA allows citrix ICA connection without authentication
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: Cisco ASA Clientless SSL VPN integration with Citrix includes downloading a .ica file from the Citrix server and serving it to the client. The .ica file includes a session token used to connect to the Citrix server. The file is stored on the client PC and deleted by the Citrix client once the session with Citrix is terminated. If the file is copied to a different machine, it can be reused to connect to the Citrix server via the Clientless SSL VPN feature without authentication, as long as the session of the user who initially authenticated to the Clientless SSL VPN portal is still active.

Conditions: The file must be copied from the initial PC, and the authenticated user's session must still be active.
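The weakness described above is a launch token that is honoured for whoever presents it while the original portal session is alive. The following is an added example, not Cisco's code or its fix: a simplified model of that acceptance rule next to a hardened check that makes the token single-use, short-lived and bound to the client that requested it. The class and method names, the 60-second lifetime and the choice of client IP as the binding are all assumptions, and the addresses are constructed samples.

```python
import secrets
import time


class LaunchTickets:
    """Hypothetical launch-ticket service (illustrative model, not ASA code)."""

    def __init__(self, ttl=60):
        self.ttl = ttl            # assumed ticket lifetime in seconds
        self.sessions = set()     # portal sessions that are still active
        self.tickets = {}         # ticket -> issuance record

    def login(self, session_id):
        self.sessions.add(session_id)

    def logout(self, session_id):
        self.sessions.discard(session_id)

    def issue(self, session_id, client_ip, now=None):
        now = time.time() if now is None else now
        ticket = secrets.token_urlsafe(24)
        self.tickets[ticket] = {"session": session_id, "client_ip": client_ip,
                                "expires": now + self.ttl, "used": False}
        return ticket

    def redeem_weak(self, ticket):
        # Model of the reported behaviour: the ticket alone is enough, from any
        # machine and any number of times, while the issuing session is active.
        rec = self.tickets.get(ticket)
        return rec is not None and rec["session"] in self.sessions

    def redeem_bound(self, ticket, client_ip, now=None):
        # Hardened check: active session AND unexpired AND unused AND same client.
        now = time.time() if now is None else now
        rec = self.tickets.get(ticket)
        if rec is None or rec["session"] not in self.sessions:
            return False
        if rec["used"] or now > rec["expires"]:
            return False
        if not secrets.compare_digest(rec["client_ip"], client_ip):
            return False
        rec["used"] = True        # single use: a copied file is worthless afterwards
        return True
```

Binding to the source IP is only one possible context check; clients behind a shared NAT present the same address, so single use and a short lifetime carry most of the protection.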