Home page logo

bugtraq logo Bugtraq mailing list archives

RE: Citrix vulnerability disclosure/bug reports contact
From: "Arian J. Evans" <arian.evans () bigfoot com>
Date: Wed, 20 Mar 2002 19:21:48 -0600

Does anyone know where to send citrix bug reports?

Citrix prefers official support to go through either
a channel reseller (CCA/CCEA's at VARs can open calls),
or direct calls from someone with a support contract.

support@ and security@ are valid email addresses at
Citrix, but seldom responded to IME.

For general issues/bug reports, Citrix will direct you
to their public support forum:


<*personal experiences w/Citrix*>

I ran into several security quirks regarding application
authentication issues while beta-testing nFuse, and had
no luck getting Citrix support to address them, other
than open a case and never respond. FWIW, I was at a Citrix
VAR at that time and had direct support, and still made
no difference. I have not used nFuse since it went 1.0,
so I can provide no further input.

You can contact their support directly at: 800-424-8749
if you wish to pursue further; YMMV.

I called Citrix support directly on this tonight and
could find no one who had an answer on what to do with
a vulnerability disclosure, other than posting it in
their public forums. I got transferred until disconnected,
called back, and was then put on hold for over 30 mins
until I hung up. That's all the effort I'm willing to
put out for them. Good luck; responsible reporting.

Arian J. Evans
Citrix CCA Winframe, Metaframe
and other sheepskins


  By Date           By Thread  

Current thread:
  • Citrix contacts Eric Budke (Mar 20)
    • RE: Citrix vulnerability disclosure/bug reports contact Arian J. Evans (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]