{"api_version":"1","generated_at":"2026-04-23T08:03:50+00:00","cve":"CVE-2008-5107","urls":{"html":"https://cve.report/CVE-2008-5107","api":"https://cve.report/api/cve/CVE-2008-5107.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-5107","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-5107"},"summary":{"title":"CVE-2008-5107","description":"The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-11-17 18:18:48","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"1.9","severity":"","vector":"AV:L/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/28047","name":"http://www.securityfocus.com/bid/28047","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Citrix Presentation And Desktop Servers Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://support.citrix.com/article/CTX116228","name":"http://support.citrix.com/article/CTX116228","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"CTX116228 - Weakness in Citrix Presentation Server and Citrix Desktop Server installer could result in credentials being logged - Citrix Knowledge Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0705/references","name":"http://www.vupen.com/english/advisories/2008/0705/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-5107","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-5107","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"5107","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"desktop_server","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"5107","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"presentation_server","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:40:17.201Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.citrix.com/article/CTX116228"},{"name":"ADV-2008-0705","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0705/references"},{"name":"28047","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/28047"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-02-26T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://support.citrix.com/article/CTX116228"},{"name":"ADV-2008-0705","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0705/references"},{"name":"28047","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/28047"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-5107","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://support.citrix.com/article/CTX116228","refsource":"CONFIRM","url":"http://support.citrix.com/article/CTX116228"},{"name":"ADV-2008-0705","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0705/references"},{"name":"28047","refsource":"BID","url":"http://www.securityfocus.com/bid/28047"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-5107","datePublished":"2008-11-17T18:00:00.000Z","dateReserved":"2008-11-17T00:00:00.000Z","dateUpdated":"2024-08-07T10:40:17.201Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-11-17 18:18:48","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:desktop_server:1.0:*:*:*:*:*:*:*","matchCriteriaId":"08AEEC3F-E8DD-4535-98D2-4CFD83439A69"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:presentation_server:4.5:*:*:*:*:*:*:*","matchCriteriaId":"BD859173-2ACD-4C60-8EF4-5B0434EA8244"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"5107","Ordinal":"1","Title":"CVE-2008-5107","CVE":"CVE-2008-5107","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"5107","Ordinal":"1","NoteData":"The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.","Type":"Description","Title":"CVE-2008-5107"},{"CveYear":"2008","CveId":"5107","Ordinal":"2","NoteData":"2008-11-17","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"5107","Ordinal":"3","NoteData":"2009-02-26","Type":"Other","Title":"Modified"}]}}}