PT-2023-17090 · Devolutions · Devolutions Remote Desktop Manager
Published: 2023-03-22 · Updated: 2023-04-07 · CVE-2023-1574
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions 2023.1.9 and below
Description
The issue concerns information disclosure in the user creation feature of an MSSQL data source. An attacker with access to the user interface can obtain sensitive information via the error message dialog, which displays the password in clear text.
Recommendations
For Devolutions Remote Desktop Manager versions 2023.1.9 and below, consider restricting access to the user creation feature until a fix is available. As a temporary workaround, avoid using the user creation feature with MSSQL data sources to minimize the risk of sensitive information disclosure.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Devolutions Remote Desktop Manager