First published: Mon Jul 12 2021
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Devolutions Server | <2020.3.20 | |
Devolutions Devolutions Server | <2021.1.18 | |
The vulnerability ID for this security issue is CVE-2021-36382.
The affected software is Devolutions Server before 2021.1.18 and LTS before 2020.3.20.
Attackers can exploit this vulnerability by conducting a man-in-the-middle attack against the connections/partial endpoint, which accepts cleartext, in order to intercept private keys.
The severity of CVE-2021-36382 is medium with a score of 3.7.
To fix this vulnerability, it is recommended to update Devolutions Server to version 2021.1.18 or LTS version 2020.3.20.