MAIN MENU

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

DEVO-2023-0009

Remote Desktop Manager is affected by multiple security vulnerabilities.

Affected Products

Remote Desktop Manager

Change Log

Initial Publication - 2023-04-11 Fix wrong affected version - 2023-04-24

Two factor authentication bypass

Medium - 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries.

CVE(s)

CVE-2023-1980

Remediation and Workarounds

Upgrade to Remote Desktop Manager to 2023.1.10 and higher

No access control for the OTP key on OTP entries

Medium (4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.

CVE(s)

CVE-2023-1939

Remediation and Workarounds

Upgrade to Remote Desktop Manager Windows to 2022.3.34 and higher

Upgrade to Remote Desktop Manager Linux to 2022.3.2.1 and higher