Security & Compliance

DEVO-2023-0009

Summary

Remote Desktop Manager is affected by multiple security vulnerabilities.

Affected products

Remote Desktop Manager

Changelog

Initial publication - 2023-04-11
Fix wrong affected version - 2023-04-24

Severity

Medium

Product

Remote Desktop Manager

Fixed version

RDMW 2023.1.10, RDML 2022.3.2.1

Two-factor authentication bypass

Description

A two-factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two-factor authentication via the application user interface and open entries.

Fixes and workarounds

Upgrade Remote Desktop Manager to 2023.1.10 or higher

Severity

Medium - 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected products

Remote Desktop Manager 2022.3.35 and earlier

CVE(s)

CVE-2023-1980

No access control for the OTP key on OTP entries

Description

Missing access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non-admin users to see OTP keys via the user interface.

Fixes and workarounds

Upgrade Remote Desktop Manager Windows to 2022.3.34 or higher

Upgrade Remote Desktop Manager Linux to 2022.3.2.1 or higher

Severity

Medium (4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected products

Remote Desktop Manager Windows 2022.3.23.0 and earlier
Remote Desktop Manager Linux 2022.3.2.0 and earlier

CVE(s)

CVE-2023-1939
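
The following is an added example, not part of the Devolutions advisory: a small triage script that compares an inventory of installed Remote Desktop Manager versions against the fixed versions listed above. It assumes CVE-2023-1980 applies to the Windows build (the header pairs RDMW with 2023.1.10) and conservatively treats anything below a fixed version as needing the upgrade; the hostnames and inventory rows are constructed.

```python
import re

# Fixed versions as stated in the advisory's upgrade lines.
# Assumption: CVE-2023-1980 is mapped to the Windows build because the
# advisory header pairs "RDMW" with 2023.1.10.
FIXED = {
    "windows": {"CVE-2023-1980": "2023.1.10", "CVE-2023-1939": "2022.3.34"},
    "linux": {"CVE-2023-1939": "2022.3.2.1"},
}

def parse_version(text):
    """Turn '2022.3.33.0' into (2022, 3, 33, 0), padding to four fields."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def open_cves(platform, installed):
    """Return the CVEs whose fixed version is newer than `installed`."""
    fixes = FIXED.get(platform.lower())
    if fixes is None:
        raise ValueError(f"platform not covered by the advisory: {platform!r}")
    have = parse_version(installed)
    return sorted(cve for cve, fixed in fixes.items()
                  if have < parse_version(fixed))

def triage(inventory):
    """Map host -> list of open CVEs, or a note for rows needing review."""
    report = {}
    for host, platform, version in inventory:
        try:
            report[host] = open_cves(platform, version)
        except ValueError as exc:
            report[host] = f"needs manual review: {exc}"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "2022.3.33.0"),
    ("ws-02", "Windows", "2022.3.35"),
    ("ws-03", "Windows", "2023.1.10.0"),
    ("lx-01", "Linux", "2022.3.2.0"),
    ("lx-02", "Linux", "2022.3.2.1"),
    ("mac-01", "macOS", "2022.3.1"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

An empty list means the host is at or above every fixed version that applies to its platform; rows the script cannot parse or map are reported for manual review instead of being silently passed.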
