The French Security Incident Response Team (FrSIRT) has identified a vulnerability in Citrix Access Gateway that could allow attackers to gain access to critical applications without providing proper authentication.

The "high risk" bug in the SSL VPN appliance, which supplies users with continuous single points-of-access to an organization's applications and data, is caused by an error in the Advanced Access Control (AAC) option when configured to use LDAP (Lightweight Directory Access Protocol) authentication, according to an FrSIRT advisory. LDAP is used to access directory information.

According to the advisory, the flaw may allow attackers to bypass security restrictions in Access Gateway with Advanced Access Control version 4.2.

Citrix, which reported the vulnerability, is offering a hotfix on its website, the advisory said.

A company spokesman could not be reached for comment today.

Reporter: Dan Kaplan.