PT-2025-11170 · Devolutions · Devolutions Remote Desktop Manager
Published
2025-03-13
·
Updated
2025-03-13
·
CVE-2025-1636
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Devolutions Remote Desktop Manager versions 2024.3.29 and earlier
Description:
The issue concerns the exposure of sensitive information in the My Personal Credentials password history component. This allows an authenticated user to inadvertently leak My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.
Recommendations:
For Devolutions Remote Desktop Manager versions 2024.3.29 and earlier, consider disabling the clear history feature in the My Personal Credentials password history component until a fix is available to prevent potential leakage of sensitive information. Restrict access to shared vaults to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Devolutions Remote Desktop Manager