Sécurité et conformité
DEVO-2024-0009
Résumé
Devolutions Server is affected by a vulnerability.
Produits affectés
Devolutions Server 2024.1.14.0 and earlier
Journal des modifications
25/06/2024 - Initial publication
Sévérité
Medium
Produit
Devolutions Server
Version corrigée
2024.2.3
2FA bypass in Devolutions Server
Description
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.
The attacker needs to know his victims username and password to perform this attack.
Mesures correctives et solutions de contournement
Upgrade to Devolutions Server 2024.1.15 or higher.
Sévérité
7.2 High - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Amber
Produits affectés
Devolutions Server 2024.1.14 and earlier
CVE(s)
CVE-2024-4846