Hackers hijack Citrix NetScaler login pages to steal credentials
2023-10-09 14:45

Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.

The flaw is a critical unauthenticated remote code execution bug discovered as a zero-day in July that impacts Citrix NetScaler ADC and NetScaler Gateway.

IBM's X-Force reports that despite the multiple warnings to update Citrix devices, the attack surface remains significant, and hackers began exploiting CVE-2023-3519 to inject JavaScript that harvests login credentials in September.

X-Force first discovered the NetScaler credential-stealing campaign while investigating a case where a client experienced slow authentications on their NetScaler device.

Based on their investigations, the responders found that hackers had used CVE-2023-3519 to breach a Citrix NetScaler device and inject a malicious credential-stealing JavaScript script into its index.

X-Force identified almost 600 unique IP addresses for NetScaler devices whose login pages had been modified to facilitate the credential-stealing operation.


News URL

https://www.bleepingcomputer.com/news/security/hackers-hijack-citrix-netscaler-login-pages-to-steal-credentials/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-07-19 | CVE-2023-3519 | Code Injection vulnerability in Citrix products. Unauthenticated remote code execution (network, low complexity, citrix, CWE-94) | critical 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Citrix 117 20 177 76 63 336