Citrix’s Hide and Seek: The Unseen Game of Session Hijacking

Unmasking a web vulnerability in Citrix Gateway and Cloud MFA, this post illuminates a game of hide-and-seek where Citrix didn’t realize they were “it.” The flaw allows attackers to bypass MFA by hijacking active users’ session data, leading to unauthorized access and potential infrastructure compromise.