PT-2022-13813 · Devolutions · Devolutions Remote Desktop Manager

Published: 2022-06-15 · Updated: 2022-06-24 · CVE-2022-1342

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Devolutions Remote Desktop Manager versions 2022.1.24 and prior

Description

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information.

Recommendations

For Devolutions Remote Desktop Manager versions 2022.1.24 and prior, consider disabling the caching feature for sensitive fields as a temporary workaround until a patch is available. Restrict access to the Remote Desktop Manager to minimize the risk of exploitation by physically proximate attackers.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2022-1342

Affected Products

Devolutions Remote Desktop Manager