Vulnerability Description
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Desktop Server | 1.0 |
| Citrix | Presentation Server | 4.5 |
Related Weaknesses (CWE)
References
- http://support.citrix.com/article/CTX116228Vendor Advisory
- http://www.securityfocus.com/bid/28047Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/0705/referencesPermissions Required
- http://support.citrix.com/article/CTX116228Vendor Advisory
- http://www.securityfocus.com/bid/28047Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/0705/referencesPermissions Required
FAQ
What is CVE-2008-5107?
CVE-2008-5107 is a vulnerability with a CVSS score of 1.9 (LOW). The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these ...
How severe is CVE-2008-5107?
CVE-2008-5107 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5107?
Check the references section above for vendor advisories and patch information. Affected products include: Citrix Desktop Server, Citrix Presentation Server.