Improper Authentication in Devolutions Remote Desktop Manager for Windows
CVE-2024-11671

Currently unrated

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 25 November 2024

What is CVE-2024-11671?

The vulnerability in Devolutions Remote Desktop Manager versions 2024.3.17 and earlier allows an authenticated user to circumvent multi-factor authentication (MFA) by switching data sources. This insufficient MFA validation poses a risk of unauthorized access to sensitive information managed by the application. Users should be aware of this issue and take appropriate measures to secure their systems.

References

https://devolutions.net/security/advisories/DEVO-2024-0016

Timeline

Vulnerability published
Nov 25, 2024