Attackers Can Bypass Vault Master Password via Offline Mode in Devolutions Remote Desktop Manager
CVE-2024-6057

Currently unrated

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 17 June 2024

What is CVE-2024-6057?

The improper authentication vulnerability in Devolutions Remote Desktop Manager allows attackers with access to an RDM instance to bypass the vault master password through the offline mode feature. This flaw poses significant security risks, enabling unauthorized access to sensitive data managed within the application. Users of Remote Desktop Manager versions 2024.1.31.0 and earlier are particularly at risk, necessitating prompt attention to remediate this issue.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2024.1.31.0

References

https://devolutions.net/security/advisories/DEVO-2024-0008

Timeline

Vulnerability published
Jun 17, 2024
Vulnerability Reserved
Jun 17, 2024