As easy as 'Citrix123' – hacker claims he popped Citrix's CMS
And once he was in, it became possible to pour malware onto all customers, allegedly
A Russian hacker claims he broke into systems run by Citrix, and gained access to potentially a huge number of customers.
The binary buster known as "W0rm" exploited weak credentials – the username email@example.com and the password Citrix123 – to get into the content management system that powers Citrix's websites.
The hacker gained access to admin functions including remote support, and informed Citrix of the security shortcomings, but did not receive a response. Israeli firm CyberInt stumbled across the report, and again notified the IT business, which reportedly did not respond.
CyberInt's Elad Ben-Meir said the attack could have allowed W0rm or anyone else reproducing the steps to compromise Citrix customers.
“Essentially if he had wanted to, he could have put malware into every end user of every Citrix customer,” said Ben-Meir, noting possible attacks include keylogging, data exfiltration, and botnet enslavement.
W0rm has previously attacked the BBC, the Wall Street Journal, and Vice, and offered to sell stolen databases for cash.
The hacker has apparently attempted to warn affected organizations of the vulnerabilities before going public with the details. ®