Petko D. Petkov is one busy researcher these days. Last month he warned of a huge flaw in Adobe Acrobat and Reader, which are used by just about everyone on the planet. Friday, the vendor confirmed it and issued a workaround. He was also one of the voices warning of a nasty QuickTime flaw Apple patched last week. Then there was the Google Gmail flaw he uncovered last month.
Now, he is warning of “tons” of “wide-open” flaws he found during some recent testing of Citrix gateways. Here’s what he had to say about it in the GNUCitizen blog:
“The Internet is full of wide-open Citrix gateways. This is madness! The other day I was performing some Citrix testing, so I had a lot of fun with hacking into GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate a great many things about ICA (Independent Computing Architecture). When querying Google and Yahoo for public .ICA files, I was presented with tons of wide-open services, some of which were located on .gov and .mil domains.”
He added: “Just by looking into Google, I was able to find 114 wide open Citrix instances: 10 .gov, 4 .mil, 20 .edu, 27 .com, etc… The research was conducted offline, therefore there might be some false positives. Among the services discovered, there were several critical applications which looked so interesting that I didn’t even dare look at them. With a similar success, attackers can perform just simple port scans for service port 1494. The steps described above apply.”
He posted this video to demonstrate the findings.