CVE-2022-1342
15.06.2022, 17:15
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| devolutions | remote_desktop_manager | 𝑥 ≤ 2022.1.24 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-549 - Missing Password Field MaskingThe software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.