How to Mitigate Heartbleed Vulnerability in Citrix License Server

Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability.

Version 11.10 and older of the Citrix License Server License Administration Console are not vulnerable to ‘Heartbleed’.

The Citrix Web Service for Licensing replaces the Citrix Simple License Service in v11.11.1. It handles calls from the Licensing Snap-in and performs the hands-free allocation and downloading of license files from http://www.citrix.com.

The Citrix License Server v11.11.1, the Citrix License Server VPX v11.12 and the Citrix Usage Collector are vulnerable to CVE-2014-0160. New versions of the License Server v11.11.1.13017 and the License Server VPX v11.12.14001 can be downloaded from the Citrix website at the following address: https://www.citrix.com/downloads/licensing/license-server/license-server-version-11111-for-windows.html

The Citrix Usage Collector captures usage data and facilitates automated billing for Citrix Service Providers. It communicates with citrix.com.

The Citrix License Server Console uses the default Web service port 8082 and is configured to use HTTP. If License Server administrators have configured this service to use HTTPS, complete the following configuration steps:

On the License Administration Console, select “Administration” > “Server Configuration” > “Secure Web Server Configuration” and uncheck “Enable HTTPS”.
Uncheck the option “Redirect non-secure web access to secure web access”, click Save, and restart the license server.

This will disable the HTTPS port on the License Server.

If the service “Citrix Web Services for Licensing” is present, set its startup type to disabled and reboot the machine. Log on to the server as an Administrator, open a command prompt, and type the following commands (sc requires the space after “start=”):
> net stop citrixwebservicesforlicensing
> sc config citrixwebservicesforlicensing start= disabled

If the service “Citrix Simple License Service” is present, set its startup type to disabled and reboot the machine. Log on to the server as an Administrator, open a command prompt, and type the following commands (sc requires the space after “start=”):
> net stop citrixsimplelicenseservice
> sc config citrixsimplelicenseservice start= disabled

The Citrix Licensing Administration Snap-in communicates with the Web Services for Licensing component over port 8083. Communication to the License Server over this port should be blocked in the Windows firewall. As a result, Citrix Studio will be unable to administer licensing.
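
The service and firewall steps above can be applied and checked in one pass from an elevated Windows PowerShell prompt. This script is an added example, not part of the Citrix advisory: the service names and port 8083 come from the text above, while the firewall rule name is an assumption chosen here.

```powershell
# Added example: apply the service and firewall steps, then report the state.
# Service names and port 8083 are taken from the article.
$services = 'citrixwebservicesforlicensing', 'citrixsimplelicenseservice'
$ruleName = 'Block-CitrixWSL-8083'   # assumed rule name, not a Citrix default

foreach ($name in $services) {
    # Either service may be absent depending on the License Server version.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Output "${name}: not installed, nothing to do"
        continue
    }
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $name -Force
    }
    Set-Service -Name $name -StartupType Disabled

    # Read the state back so the change is confirmed rather than assumed.
    $svc.Refresh()
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
    Write-Output "${name}: status=$($svc.Status) startup=$mode"
}

# Block inbound TCP 8083 (Licensing Administration Snap-in traffic).
# netsh exits non-zero when no rule with this name exists yet.
netsh advfirewall firewall show rule name=$ruleName | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule name=$ruleName dir=in action=block protocol=TCP localport=8083
}

# Confirm that nothing is still listening on 8083 after the services stop.
$listening = netstat -ano -p TCP | Select-String -Pattern ':8083\s+\S+\s+LISTENING'
if ($listening) {
    Write-Warning "A process is still listening on TCP 8083:"
    $listening | ForEach-Object { Write-Output $_.Line }
} else {
    Write-Output "No listener on TCP 8083"
}
```

The script does not reboot the machine or change the “Enable HTTPS” console setting; those steps remain manual as described above.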

About Murugan B Iyyappan

Working as a Technical Specialist - Citrix solutions architect with 13 years of experience in the IT industry. Expertise in Citrix XenApp and VMware in Windows platform.