Security & Compliance

DEVO-2022-0002

Affected Products

Remote Desktop Manager 2021.2 and earlier

Change Log

Initial Publication - 2022-03-09

Severity

High

Product

Remote Destkop Manager

Fix Version

2022.1

Summary

A vulnerability can reduce the strength of some passwords when exporting data in Remote Desktop Manager.

Weak password derivation on vault export

Description

When exporting data out of Remote Desktop Manager, a password can be used to encrypt the file. For passwords that were also valid Base64, Remote Desktop Manager erroneously decoded them prior to password derivation which reduces the effective length of the password.

Remediation and Workarounds

Update to Remote Desktop Manager 2022.1 or higher.

Severity

High - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Remote Desktop Manager

CVE(s)

CVE-2022-26964

Devolutions Logo
English français Deutsch
Contact Us

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada
Legal & Privacy infos@devolutions.net
All rights reserved © 2022 Devolutions