Portal Portal Forum Forum Devolutions Force Devolutions Force RDM Online Services RDM Online Services Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Tools RDM RDM Web Login Web Login Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2022-0009

Summary

Dashlane password and Keepass Server password in My Account Settings is stored unencrypted in the database.

Affected Products

Remote Desktop Manager 2022.2.26 and earlier.

Devolutions Server 2022.3.1 and earlier.

Change Log

Initial publication - 2022-11-01

Severity

Medium

Product

Remote Desktop Manager, Devolutions Server

Fix Version

RDM 2022.2.27, DVLS 2022.3.2

Unencrypted sensitive data in the database

Description

Dashlane password and Keepass Server password in My Account Settings is stored unencrypted in the data base.

Remediation and Workarounds

Upgrade to Remote Desktop Manager 2022.2.27 or higher.

Upgrade to Devolutions Server 2022.3.2 or higher.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Remote Desktop Manager 2022.2.26 and earlier.

Devolutions Server 2022.3.1 and earlier.

CVE(s)

CVE-2022-3781