CVE-2008-5107

Published: Nov 17, 2008Modified: Apr 23, 2026

1.9

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 3.4 / Impact: 2.9

Source: NVD

Description

The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.

Affected (2)

Products: Citrix: Desktop Server, Presentation Server

Citrix

2 products

Desktop Server

Presentation Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Citrix Desktop Server	Version 1.0
Citrix Presentation Server	Version 4.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://support.citrix.com/article/CTX116228

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/28047

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2008/0705/references

Source: cve@mitre.org

Permissions Required

http://support.citrix.com/article/CTX116228

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/28047

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2008/0705/references

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.