Downgrade Attack Vulnerability in Citrix ShareFile: Bypassing Two-Factor Authentication

Downgrade Attack Vulnerability in Citrix ShareFile: Bypassing Two-Factor Authentication

CVE-2019-7218 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).

Learn more about our Physical Security Assessment.