Database Credential Exposure in Citrix Presentation Server and Desktop Server
CVE-2008-5107

Currently unrated

Key Information:

Vendor: Citrix
Status: Desktop Server; Presentation Server
Vendor: CVE Published:; 17 November 2008

Summary

The installation process of Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is activated, inadvertently stores sensitive database credentials within MSI log files. This exposure permits local users to access and extract these credentials by reading the log files, potentially leading to unauthorized access and exploitation of the system. Organizations utilizing these Citrix products should take precautions to manage log file security and restrict local user access to prevent unauthorized credential retrieval.

References

http://support.citrix.com/article/CTX116228

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/0705/references

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/28047

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 17, 2008
Vulnerability Reserved
Nov 17, 2008