As easy as 'Citrix123' – hacker claims he popped Citrix's CMS
And once he was in, it became possible to pour malware onto all customers, allegedly
A Russian hacker claims he broke into systems run by Citrix, and gained access to potentially a huge number of customers.
The binary buster known as "W0rm" exploited weak credentials – the username email@example.com and the password Citrix123 – to get into the content management system that powers Citrix's websites.
The hacker gained access to admin functions including remote support, and informed Citrix of the security shortcomings, but did not receive a response. Israeli firm CyberInt stumbled across the report, and again notified the IT business which reportedly did not respond.
CyberInt's Elad Ben-Meir said the attack could have allowed W0rm or anyone else reproducing the steps to compromise Citrix customers.
“Essentially if he had wanted to, he could have put malware into every end user of every Citrix customer," said Ben-Meir, noting possible attacks include keylogging, data exfiltration, and botnet enslavement.
W0rm has previously attacked the the BBC, the Wall Street Journal, and Vice, and offered to sell stolen databases for cash.
The hacker has apparently attempted to warn affected organizations of the vulnerabilities before going public with the details. ®