Weak Password Derivation in Devolutions Remote Desktop Manager
CVE-2022-26964

7.5HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 26 December 2022

What is CVE-2022-26964?

In Devolutions Remote Desktop Manager prior to version 2022.1, a flaw in the password derivation process compromises security, potentially leading to information disclosure through brute-force attacks. The vulnerability arises from an error in base64 decoding, allowing attackers to exploit weak passwords for unauthorized access to sensitive information.

References

https://devolutions.net/security/advisories/DEVO-2022-0002

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Mar 12, 2022