PT-2024-6667 · Devolutions · Devolutions Remote Desktop Manager

Published: 2024-08-02 · Updated: 2024-10-01 · CVE-2024-7421

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.2.20.0 and earlier
Description: The issue is an information exposure that allows a local attacker with access to system logs to obtain session credentials. When Remote Desktop Manager launches a WinSCP session, the session password is included in the command-line arguments, and the Command-Line Argument Handler component allows those arguments, password included, to be written to log files, disclosing user credentials to anyone who can read the logs.
Recommendations: For Devolutions Remote Desktop Manager versions 2024.2.20.0 and earlier, consider disabling the launch of WinSCP sessions until a patch is available, to prevent the exposure of session credentials. Restrict access to system logs to minimize the risk of exploitation. As a temporary workaround, avoid launching WinSCP sessions with command-line arguments that include passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
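As an added example (not part of this advisory and not code from Devolutions or WinSCP), the following Python shows the defensive check a log owner would want after reading the recommendation above: scan process-creation log lines for a WinSCP session URL that carries an embedded password (WinSCP accepts a session URL of the form sftp://user:password@host on its command line), report which lines are affected and which account is exposed, and produce a redacted copy that is safe to retain. The log line format and all host, user and password values are constructed for the example; the list of URL schemes checked is an assumption, not something the advisory specifies.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Matches "scheme://user:password@" inside a session URL. The password is
# everything between the first ':' after the user name and the '@' that closes
# the authority part. The scheme list is an assumption for this example.
_URL_CRED_RE = re.compile(
    r'\b(?P<scheme>sftp|ftp|ftps|scp|ssh|webdav|s3)://'
    r'(?P<user>[^\s:@"/]+):(?P<password>[^\s@"]+)@',
    re.IGNORECASE,
)

# Constructed sample log lines (not real logs): a process-creation record that
# stores the full command line used to start WinSCP. Lines 1 and 2 embed a
# password in the session URL; line 3 uses key/prompt auth and carries none.
SAMPLE_LOG_LINES = [
    r'2024-08-02T10:15:01Z host1 ProcessCreate image="C:\Program Files (x86)\WinSCP\WinSCP.exe" '
    r'cmdline="WinSCP.exe sftp://alice:Sup3rS3cret!@files.example.internal/"',
    r'2024-08-02T10:16:44Z host1 ProcessCreate image="C:\Program Files (x86)\WinSCP\WinSCP.exe" '
    r'cmdline="WinSCP.exe ftp://svc_backup:p%40ss@ftp.example.internal/"',
    r'2024-08-02T10:18:09Z host1 ProcessCreate image="C:\Program Files (x86)\WinSCP\WinSCP.exe" '
    r'cmdline="WinSCP.exe sftp://alice@files.example.internal/ /privatekey=C:\keys\alice.ppk"',
]


@dataclass(frozen=True)
class Finding:
    """One log line that exposed a credential. The password itself is never kept."""
    line_no: int
    scheme: str
    user: str
    redacted_line: str


def redact_line(line: str) -> str:
    """Return the line with any URL-embedded password replaced by a fixed marker."""
    return _URL_CRED_RE.sub(
        lambda m: f"{m.group('scheme')}://{m.group('user')}:[REDACTED]@", line
    )


def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Scan log lines and report every one that carries a password in a session URL."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        match = _URL_CRED_RE.search(line)
        if match is None:
            continue
        findings.append(
            Finding(
                line_no=line_no,
                scheme=match.group("scheme").lower(),
                user=match.group("user"),
                redacted_line=redact_line(line),
            )
        )
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG_LINES):
        print(f"line {finding.line_no}: {finding.scheme} credential for user "
              f"'{finding.user}' exposed; redacted form:")
        print("  " + finding.redacted_line)
```

The scan deliberately reports the user name but never the recovered password, so its own output can be stored alongside the cleaned log; the redacted line can replace the original in retained logs, and any account named in a finding should have its password rotated.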

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2024-07869
CVE-2024-7421

Affected Products

Devolutions Remote Desktop Manager