DEVO-2022-0004

Affected Products

Remote Desktop Manager 2022.1.6 and earlier

Change Log

Initial Publication - 2022-05-02

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.1.8

Summary

Credentials in My Account Settings are accessible to other users when stored in the database.

Credentials stored in My Account Settings are accessible to other users

Description

Credentials stored in My Account Settings are stored in the datasource by default, which make them accessible to other users. An option was added in Remote Desktop Manager to save account settings locally.

Remediation and Workarounds

Starting with Remote Desktop Manager 2022.1.8, an option is available in My Account Settings to set the save location to "Local". Account settings will then be saved locally on the computer.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Remote Desktop Manager 2022.1.6 and earlier

CVE(s)

CVE-2022-2221