Database Credential Exposure in Citrix Presentation Server and Desktop Server
CVE-2008-5107

Currently unrated

Key Information:

Vendor
Citrix
Vendor
CVE Published:
17 November 2008

Summary

The installation process of Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is activated, inadvertently stores sensitive database credentials within MSI log files. This exposure permits local users to access and extract these credentials by reading the log files, potentially leading to unauthorized access and exploitation of the system. Organizations utilizing these Citrix products should take precautions to manage log file security and restrict local user access to prevent unauthorized credential retrieval.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.