CVE-2023-1939
published 2023-04-11CVE-2023-1939: No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux…
PriorityP421medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.40%
32.2th percentile
No access control for the OTP key
on OTP entries
in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2022.3.34.0 | 2022.3.34.0 |
| devolutions | remote_desktop_manager | < 2022.3.2.1 | 2022.3.2.1 |
| devolutions | remote_desktop_manager | <= 2022.3.2.0 | — |
| devolutions | remote_desktop_manager | <= 2022.3.33.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-11
Published