CVE-2025-2277
13.03.2025, 13:15
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.Enginsight
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2025.1.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.