Attackers Can Steal PowerShell Credentials via Data Source Export Feature
CVE-2024-6055

Currently unrated

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 17 June 2024

What is CVE-2024-6055?

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration file.

Affected Version(s)

Remote Desktop Manager 0 <= 2024.1.32.0

References

https://devolutions.net/security/advisories/DEVO-2024-0008

Timeline

Vulnerability published
Jun 17, 2024
Vulnerability Reserved
Jun 17, 2024