Authentication Bypass in Hub Business Integration for Devolutions Workspace on Windows and macOS
CVE-2023-2257

7.8HIGH

Key Information:

Vendor: Devolutions
Status: Workspace Desktop
Vendor: CVE Published:; 24 April 2023

What is CVE-2023-2257?

This security issue allows an attacker with access to the user interface to bypass password protection on a Hub Business space within Devolutions Workspace. Specifically, if the 'Force Login' feature is activated, the vulnerability enables unauthorized users to unlock the workspace application without entering the required credentials. This poses a significant risk to data integrity and security within the application.

Affected Version(s)

Workspace Desktop Windows 0 <= 2023.1.1.3

References

https://devolutions.net/security/advisories/DEVO-2023-0011

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2023
Vulnerability Reserved
Apr 24, 2023