CVE-2008-2299

Name of the Vulnerable Software and Affected Versions: Citrix Presentation Server versions 4.5 and earlier Citrix Access Essentials versions 2.0 and earlier Citrix Desktop Server version 1.0

Description: The issue allows clients to use weaker encryption settings than configured by the administrator, potentially enabling attackers to bypass intended restrictions. This is due to an unspecified vulnerability in SecureICA and ICA Basic encryption.

Recommendations: For Citrix Presentation Server versions 4.5 and earlier, update the configuration to enforce stronger encryption settings. For Citrix Access Essentials versions 2.0 and earlier, restrict the use of weaker encryption protocols until a fix is available. For Citrix Desktop Server version 1.0, consider disabling the vulnerable encryption module to minimize the risk of exploitation.