PT-2024-37666 · Devolutions · Devolutions Remote Desktop Manager
Jérémy Sinou · Published 2024-07-16 · Updated 2024-11-05
CVE-2024-6492
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Devolutions Remote Desktop Manager versions 2024.2.14.0 and earlier
Description
The issue allows an attacker to intercept proxy credentials via a specially crafted website by exploiting an exposure of sensitive information in the edge browser session proxy feature. It affects Remote Desktop Manager on Windows systems.
Recommendations
For Devolutions Remote Desktop Manager versions 2024.2.14.0 and earlier, consider disabling the edge browser session proxy feature until a patch is available to prevent the interception of proxy credentials. Restrict access to sensitive information and avoid using the proxy feature with untrusted websites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Devolutions Remote Desktop Manager