The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
References
Link | Resource |
---|---|
http://support.citrix.com/article/CTX116228 | Vendor Advisory |
http://www.securityfocus.com/bid/28047 | Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2008/0705/references | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-11-17 18:18
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5107
Mitre link : CVE-2008-5107
CVE.ORG link : CVE-2008-5107
JSON object : View
Products Affected
citrix
- presentation_server
- desktop_server
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor