Security & Compliance
DEVO-2024-0009
Summary
Devolutions Server is affected by a vulnerability.
Affected Products
Devolutions Server 2024.1.14.0 and earlier
Change Log
25/06/2024 - Initial publication
Severity
Medium
Product
Devolutions Server
Fix Version
2024.2.3
2FA bypass in Devolutions Server
Description
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.
The attacker needs to know his victims username and password to perform this attack.
Remediation and Workarounds
Upgrade to Devolutions Server 2024.1.15 or higher.
Severity
7.2 High - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Amber
Affected Products
Devolutions Server 2024.1.14 and earlier
CVE(s)
CVE-2024-4846