Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 does not properly generate GCM nonces, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a “forbidden attack,” a similar issue to CVE-2016-0270.