Attackers Can Access Sensitive Information via Offline Cache Feature in Devolutions Remote Desktop Manager
CVE-2024-3545

Currently unrated

Key Information:

Vendor: Devolutions
Status: Server; Remote Desktop Manager
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-3545?

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2024.1.20.0

Server 0 <= 2024.1.8.0

References

https://devolutions.net/security/advisories/DEVO-2024-0006

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 9, 2024