CWE: 522, 311

CVE-2022-3781

First published: Tue Nov 01 2022

The Dashlane password and KeePass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data.

Credit: security@devolutions.net

Affected Software                      Affected Version
Devolutions Server                     <2022.3.2
Devolutions Remote Desktop Manager     <2022.2.27


Frequently Asked Questions

  • What is the vulnerability ID for the unencrypted passwords in My Account Settings in Devolutions Remote Desktop Manager and Devolutions Server?

    The vulnerability ID is CVE-2022-3781.

  • What software versions are affected by the unencrypted passwords vulnerability?

    The vulnerability affects Devolutions Remote Desktop Manager versions up to 2022.2.26 and Devolutions Server versions up to 2022.3.1.

  • How does the vulnerability in Devolutions Remote Desktop Manager and Devolutions Server allow database users to read unencrypted passwords?

    The Dashlane password and KeePass Server password from My Account Settings are stored unencrypted in the database, so database users can read them directly.

  • What is the severity of CVE-2022-3781?

    The severity of CVE-2022-3781 is medium with a CVSS score of 6.5.

  • Is there a fix for the vulnerability in Devolutions Remote Desktop Manager and Devolutions Server?

    Yes, the fix for the vulnerability is available in Devolutions Remote Desktop Manager version 2022.2.27 and Devolutions Server version 2022.3.2 and later.
