CVE-2022-3781
EUVD-2022-4313101.11.2022, 19:15
Dashlane password and Keepass Server password in My Account SettingsĀ are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2022.3.2 |
| devolutions | remote_desktop_manager | 𝑥 < 2022.2.27 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-311 - Missing Encryption of Sensitive DataThe software does not encrypt sensitive or critical information before storage or transmission.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.