CVE-2008-5107
Summary
| CVE | CVE-2008-5107 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-11-17 18:18:00 UTC |
| Updated | 2017-12-04 18:59:00 UTC |
| Description | The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Citrix | Desktop Server | 1.0 | All | All | All |
| Application | Citrix | Desktop Server | 1.0 | All | All | All |
| Application | Citrix | Presentation Server | 4.5 | All | All | All |
| Application | Citrix | Presentation Server | 4.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CTX116228 - Weakness in Citrix Presentation Server and Citrix Desktop Server installer could result in credentials being logged - Citrix Knowledge Center | CONFIRM | support.citrix.com | Vendor Advisory |
| Citrix Presentation And Desktop Servers Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.