PT-2022-18144 · Devolutions · Devolutions Remote Desktop Manager
Published 2022-12-26 · Updated 2023-01-05 · CVE-2022-26964
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions prior to 2022.1
Description
The issue allows information disclosure via a password brute-force attack due to weak password derivation for export. An error caused base64 to be decoded, potentially facilitating the attack.
Recommendations
For versions prior to 2022.1, update to version 2022.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information stored in Devolutions Remote Desktop Manager until the update is applied.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
Devolutions Remote Desktop Manager