Random Nonce Generation Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

Random Nonce Generation Vulnerability in Citrix NetScaler ADC and NetScaler Gateway

CVE-2017-5933 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.

Learn more about our Web Application Penetration Testing UK.