First published: Wed Mar 22 2023(Updated: )
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
Credit: security@devolutions.net
Affected Software | Affected Version | How to fix |
---|---|---|
Devolutions Remote Desktop Manager Windows | <2023.1.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-1574.
The title of the vulnerability is 'Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager'.
The severity of this vulnerability is medium with a severity score of 6.5.
Devolutions Remote Desktop Manager 2023.1.9 and below on Windows is affected by this vulnerability.
An attacker with access to the user interface can exploit this vulnerability by obtaining sensitive information via the error message dialog that displays the password in clear text.
Yes, Devolutions has released version 2023.1.10 which fixes this vulnerability.