
Are Citrix gateways safe enough ?


A security researcher warns of many security flaws he found during testing of Citrix gateways.

Petko D. Petkov (aka PDP), a researcher at GNU Citizen, writes on his blog that he found many vulnerabilities during recent testing of Citrix gateways.

"The Internet is full of wide open CITRIX gateways. This is madness! The other day I was performing some CITRIX testing, so I had a lot of fun with hacking into GUIs, which, as most of you probably know, are trivial to break into. I did play around with .ICA files as well, just to make sure that the client is not affected by some obvious client-side vulnerabilities. This exercise led me to reevaluate a great many things about ICA (Independent Computing Architecture). When querying Google and Yahoo for public .ICA files, I was presented with tons of wide open services, some of which were located on .gov and .mil domains," writes PDP.

He also noted:

"Just by looking into Google, I was able to find 114 wide open CITRIX instances: 10 .gov, 4 .mil, 20 .edu, 27 .com, etc… The research was conducted offline, therefore there might be some false positives. Among the services discovered, there were several critical applications which looked so interesting that I didn’t even dare look at them. With a similar success, attackers can perform just simple port scans for service port 1494. The steps described above apply."

His post:

http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/

Our comments:

PDP's warnings should be taken seriously, since this researcher has already uncovered flaws in Adobe Acrobat Reader, Apple QuickTime and Google Gmail. We are now waiting for the industry's reaction to these findings. In the meantime, cautious companies might want to take a safe stance and begin assessing their own .ica use: which launch files they publish, which gateway hosts and ports those files point at, and what else they carry.
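One concrete way to start such an assessment is to inventory the .ica launch files an organisation itself publishes. The script below is an added example, not code from the article or from GNU Citizen: it reads .ica files as INI-style text (sections in brackets, key=value lines), lists the gateway host and port each published application points at (defaulting to the service port 1494 cited above when none is given), and flags files that embed a plaintext password. The section and key names (`ApplicationServers`, `Address`, `ClearPassword`, `Password`) are taken from the common ICA file layout and are assumptions here; the two sample files are constructed, not real deployments.

```python
"""Inventory published Citrix .ica launch files and flag risky settings.

Added example, not from the article or from GNU Citizen. It treats .ica
files as INI-style text and reports, per file, which gateway hosts/ports
it points at and whether it carries a plaintext password. Section and key
names are assumed from the usual ICA layout; sample files are constructed.
"""
import configparser
from dataclasses import dataclass, field

# Default ICA service port, as cited in the article.
ICA_DEFAULT_PORT = 1494

# Keys whose presence means a password travels with the launch file
# (assumed key names from the ICA INI format).
PASSWORD_KEYS = ("clearpassword", "password")

# Constructed sample files standing in for a web root's published .ica files.
SAMPLE_ICA_FILES = {
    "intranet_app.ica": """[WFClient]
Version=2

[ApplicationServers]
Payroll=

[Payroll]
Address=payroll-gw.example.internal
InitialProgram=#Payroll
Username=svc_payroll
ClearPassword=hunter2
""",
    "public_app.ica": """[WFClient]
Version=2

[ApplicationServers]
Kiosk=

[Kiosk]
Address=203.0.113.10:2598
InitialProgram=#Kiosk
""",
}


@dataclass
class IcaFinding:
    filename: str
    targets: list = field(default_factory=list)            # (app, host, port)
    embedded_passwords: list = field(default_factory=list)  # (app, key)


def parse_ica(filename: str, text: str) -> IcaFinding:
    """Parse one .ica file and collect its gateway targets and password keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower          # option keys are matched case-insensitively
    cp.read_string(text)
    # configparser keeps section names case-sensitive; map lowercase -> actual.
    sections = {name.lower(): name for name in cp.sections()}
    finding = IcaFinding(filename)
    apps_section = sections.get("applicationservers")
    if apps_section is None:
        return finding                   # not a launch file we understand
    # [ApplicationServers] lists one key per published application;
    # each application has its own section carrying Address=.
    for app in cp[apps_section]:
        app_section = sections.get(app.lower())
        if app_section is None:
            continue
        opts = cp[app_section]
        address = opts.get("address", "")
        host, _, port = address.partition(":")   # "host" or "host:port" (IPv4/hostname)
        port_num = int(port) if port.isdigit() else ICA_DEFAULT_PORT
        finding.targets.append((app_section, host, port_num))
        for key in PASSWORD_KEYS:
            if key in opts and opts[key]:
                finding.embedded_passwords.append((app_section, key))
    return finding


def audit(files: dict) -> dict:
    """Return {filename: IcaFinding} for every published file."""
    return {name: parse_ica(name, text) for name, text in files.items()}


def files_with_passwords(findings: dict) -> list:
    """Files that should never be served publicly because they carry a password."""
    return sorted(name for name, f in findings.items() if f.embedded_passwords)


def referenced_ports(findings: dict) -> set:
    """Every gateway port the published files expect to reach; compare to firewall rules."""
    return {port for f in findings.values() for _, _, port in f.targets}


if __name__ == "__main__":
    results = audit(SAMPLE_ICA_FILES)
    for name, f in results.items():
        print(f"{name}: targets={f.targets} passwords={f.embedded_passwords}")
    print("files with embedded passwords:", files_with_passwords(results))
    print("gateway ports referenced:", sorted(referenced_ports(results)))
```

Run against a real web root, the output gives two lists a defender can act on immediately: files that must be pulled because they ship a password, and the set of gateway host:port pairs that the organisation is, in effect, advertising and should cross-check against its firewall and authentication policy.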
