PT-2023-18560 · Devolutions · Devolutions Workspace Desktop

Published: 2023-04-24 · Updated: 2025-02-04 · CVE-2023-2257

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Devolutions Workspace Desktop versions 2023.1.1.3 and earlier

Description: The issue allows an attacker with access to the user interface to unlock a Hub Business space without being prompted for the password, because the "Force Login" security feature is not implemented. This occurs only if the "Force Login" feature is enabled on the Hub Business instance and the attacker has access to a locked Workspace desktop application configured with a Hub Business space.

Recommendations: For Devolutions Workspace Desktop versions 2023.1.1.3 and earlier, consider disabling the "Force Login" feature until a patch is available to prevent potential exploitation. Additionally, restrict access to the locked Workspace desktop application configured with a Hub Business space to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2023-2257

Affected Products: Devolutions Workspace Desktop