CVE-2019-7218

Severity CVSS v4.0:
Pending analysis
Type:
CWE-287 Authentication Issues
Publication date:
13/05/2019
Last modified:
09/07/2019

Description

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:citrix:sharefile:*:*:*:*:*:*:*:* 19.1 (including)


References to Advisories, Solutions, and Tools