CVE-2023-1939
published 2023-04-11

CVE-2023-1939: No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux…

Priority: P4 · 21 · medium · 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.40% (32.2th percentile)

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.

Affected

4 ranges
Vendor       Product                   Version range     Fixed in
devolutions  remote_desktop_manager    < 2022.3.34.0     2022.3.34.0
devolutions  remote_desktop_manager    < 2022.3.2.1      2022.3.2.1
devolutions  remote_desktop_manager    <= 2022.3.2.0
devolutions  remote_desktop_manager    <= 2022.3.33.0