Database Credential Exposure in Citrix Presentation Server and Desktop Server
CVE-2008-5107
Currently unrated
Key Information:
- Vendor
- Citrix
- Vendor
- CVE Published:
- 17 November 2008
Summary
The installation process of Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is activated, inadvertently stores sensitive database credentials within MSI log files. This exposure permits local users to access and extract these credentials by reading the log files, potentially leading to unauthorized access and exploitation of the system. Organizations utilizing these Citrix products should take precautions to manage log file security and restrict local user access to prevent unauthorized credential retrieval.
References
Timeline
Vulnerability published
Vulnerability Reserved