CVE-2022-26964
First published: Mon Dec 26 2022(Updated: )
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Devolutions Remote Desktop Manager | <2022.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Devolutions Remote Desktop Manager?
The vulnerability ID for this issue in Devolutions Remote Desktop Manager is CVE-2022-26964.
What is the severity rating of CVE-2022-26964?
The severity rating of CVE-2022-26964 is high, with a value of 7.5.
How does CVE-2022-26964 allow information disclosure?
CVE-2022-26964 allows information disclosure via a password brute-force attack.
What version of Devolutions Remote Desktop Manager is affected by CVE-2022-26964?
CVE-2022-26964 affects Devolutions Remote Desktop Manager before version 2022.1.
Is there a fix available for CVE-2022-26964?
Yes, a fix for CVE-2022-26964 is available in Devolutions Remote Desktop Manager version 2022.1 and later.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/devolutions
- canonical/devolutions remote desktop manager