PT-2008-6254 · Citrix · Citrix Presentation Server+1

Published

2008-11-17

Updated

2017-12-04

CVE-2008-5107

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Citrix Presentation Server version 4.5 Citrix Desktop Server version 1.0

Description The installation process stores database credentials in MSI log files when MSI logging is enabled. This allows local users to obtain these credentials by reading the log files.

Recommendations For Citrix Presentation Server version 4.5, consider disabling MSI logging during the installation process to prevent database credentials from being stored in log files. For Citrix Desktop Server version 1.0, restrict access to MSI log files to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-5107

Affected Products

Citrix Desktop Server

Citrix Presentation Server

PT-2008-6254 · Citrix · Citrix Presentation Server+1

CVE-2008-5107

Weakness Enumeration

Related Identifiers

Affected Products

References · 4