Data Exposure in Devolutions Remote Desktop Manager and Server
CVE-2022-3781

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 1 November 2022

What is CVE-2022-3781?

Devolutions Remote Desktop Manager and Devolutions Server store passwords for Dashlane and KeePass unencrypted in the database. This vulnerability affects versions prior to 2022.2.26 for Remote Desktop Manager and prior to 2022.3.1 for Devolutions Server, and it allows unauthorized database users to access sensitive account information. Organizations using these products should prioritize upgrading to secure stored passwords and protect user data.

Affected Version(s)

Devolutions Server 0 <= 2022.3.1

Remote Desktop Manager 0 <= 2022.2.26

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
