Industry News

New Citrix Bleed 2 Flaw Allows Token Theft – SAP GUI Vulnerabilities Pose Data Risk

By Securedyouadm, June 25, 2025

In a recent report, cybersecurity researchers have disclosed two security flaws in SAP Graphical User Interface (GUI) for Windows and Java that have since been patched by SAP. The vulnerabilities, known as CVE-2025-0055 and CVE-2025-0056, could have allowed attackers to access sensitive information stored in the input history feature of SAP GUI under certain conditions. This input history feature allows users to access previously entered values in input fields, potentially including usernames, national IDs, social security numbers, bank account numbers, and internal SAP table names.

The vulnerabilities identified by Pathlock stem from the insecure storage of input history in both the Java and Windows versions of SAP GUI. The historical information is stored locally on devices in predefined directories based on the SAP GUI variant, making it accessible to attackers with administrative privileges or access to the victim’s user directory. The issue lies in the weak XOR-based encryption scheme used by SAP GUI for Windows and the unencrypted storage of historical entries as Java serialized objects in SAP GUI for Java.

To mitigate the risks associated with potential information disclosure, users are advised to disable the input history functionality and delete existing database or serialized object files from the specified directories.

Meanwhile, Citrix has patched a critical security flaw in NetScaler (CVE-2025-5777) that could be exploited by threat actors to gain access to vulnerable appliances. The vulnerability, codenamed Citrix Bleed 2, allows unauthorized attackers to grab valid session tokens from memory via malformed requests, bypassing authentication protections.

Citrix has addressed the vulnerability in various versions of NetScaler ADC and NetScaler Gateway, urging users to upgrade to the supported versions and terminate all active ICA and PCoIP sessions after upgrading. While there is no evidence of exploitation yet, cybersecurity experts warn that CVE-2025-5777 is shaping up to be as serious as CitrixBleed, a vulnerability that caused havoc in 2023. The details surrounding the vulnerability have evolved since its disclosure, indicating that it may be more severe than initially thought.
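For the SAP GUI cleanup step described earlier (deleting leftover database or serialized object files after disabling input history), the following is an added example, not code from SAP or Pathlock. It inventories files by content signature under a directory the caller supplies and removes them; the directory itself is an assumption to be taken from the vendor guidance, and treating the "database" as SQLite is likewise an assumption.

```python
import os
import tempfile
from pathlib import Path

JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"  # Java object serialization stream header
SQLITE_MAGIC = b"SQLite format 3\x00"    # assumption: the "database" file is SQLite
SIGNATURES = {JAVA_SERIAL_MAGIC: "java-serialized", SQLITE_MAGIC: "sqlite"}

def classify(path):
    """Identify a file by content, so renamed or extensionless files are caught."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return None  # unreadable (locked or no permission): leave it alone
    for magic, kind in SIGNATURES.items():
        if head.startswith(magic):
            return kind
    return None

def find_history_artifacts(root):
    """Return [(path, kind)] for every matching regular file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in sorted(files):
            p = Path(dirpath) / name
            if p.is_symlink():
                continue  # never act on targets outside the audited directory
            kind = classify(p)
            if kind:
                hits.append((p, kind))
    return hits

def purge(hits, dry_run=True):
    """Delete the listed files; with dry_run=True only report what would go."""
    for p, _kind in hits:
        if not dry_run:
            p.unlink()
    return [str(p) for p, _kind in hits]

def demo():
    """Run against a constructed directory standing in for a history folder."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hist.ser").write_bytes(JAVA_SERIAL_MAGIC + b"sr\x00\x04demo")
        (root / "hist.db").write_bytes(SQLITE_MAGIC + b"\x00" * 84)
        (root / "notes.txt").write_text("unrelated file, must survive")
        hits = find_history_artifacts(root)
        purge(hits, dry_run=False)
        return sorted(k for _p, k in hits), sorted(f.name for f in root.iterdir())
```

Run `purge` with `dry_run=True` first and review the returned paths, and point `find_history_artifacts` only at the history directory, since the signatures match any SQLite or Java-serialized file.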


