Security & Compliance
DEVO-2023-0009
Summary
Remote Desktop Manager is affected by multiple security vulnerabilities.
Affected products
Remote Desktop Manager
Changelog
Initial Publication - 2023-04-11
Fix wrong affected version - 2023-04-24
Severity
Medium
Product
Remote Desktop Manager
Fixed version
RDMW 2023.1.10, RDML 2022.3.2.1
Two-factor authentication bypass
Description
A two-factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two-factor authentication via the application user interface and open entries.
Fixes and workarounds
Upgrade Remote Desktop Manager to 2023.1.10 or higher
Severity
Medium (4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)
Affected products
Remote Desktop Manager 2022.3.35 and earlier
CVE(s)
CVE-2023-1980
No access control for the OTP key on OTP entries
Description
Missing access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non-admin users to see OTP keys via the user interface.
Fixes and workarounds
Upgrade Remote Desktop Manager Windows to 2022.3.34 or higher
Upgrade Remote Desktop Manager Linux to 2022.3.2.1 or higher
Severity
Medium (4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected products
Remote Desktop Manager Windows 2022.3.23.0 and earlier
Remote Desktop Manager Linux 2022.3.2.0 and earlier
CVE(s)
CVE-2023-1939