Weak Encryption in Citrix Presentation Server and Related Products
CVE-2008-2299

Currently unrated

Key Information:

Vendor: Citrix
Status: Presentation Server
Vendor: CVE Published:; 18 May 2008

What is CVE-2008-2299?

An unspecified vulnerability in the SecureICA and ICA Basic encryption protocols of Citrix Presentation Server versions up to 4.5, Access Essentials 2.0, and Desktop Server 1.0 can result in clients adopting encryption settings that are weaker than what the administrator has configured. This issue may permit attackers to bypass intended security measures, undermining the overall integrity of data transmitted between clients and servers.

References

http://www.vupen.com/english/advisories/2008/1531/references

vdb-entryx_refsource_VUPEN

http://support.citrix.com/article/CTX114893

x_refsource_CONFIRM

http://secunia.com/advisories/30271

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2008
Vulnerability Reserved
May 18, 2008