PT-2008-3790 · Citrix · Ica Basic+5
Published
2008-05-18
·
Updated
2017-08-08
·
CVE-2008-2299
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Citrix Presentation Server versions 4.5 and earlier
Citrix Access Essentials versions 2.0 and earlier
Citrix Desktop Server version 1.0
Description:
The issue allows clients to use weaker encryption settings than configured by the administrator, potentially enabling attackers to bypass intended restrictions. This is due to an unspecified vulnerability in SecureICA and ICA Basic encryption.
Recommendations:
For Citrix Presentation Server versions 4.5 and earlier, update the configuration to enforce stronger encryption settings.
For Citrix Access Essentials versions 2.0 and earlier, restrict the use of weaker encryption protocols until a fix is available.
For Citrix Desktop Server version 1.0, consider disabling the vulnerable encryption module to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Citrix Access Essentials
Citrix Desktop Server
Citrix Metaframe Presentation Server
Citrix Presentation Server
Ica Basic
Secureica