Description
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Devolutions / Remote Desktop Manager0 – 2024.1.20.0
- Devolutions / Server0 – 2024.1.8.0
References
- VENDOR_ADVISORYhttps://devolutions.net/security/advisories/DEVO-2024-0006