CVE-2022-3781

Summary

Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.

This issue affects : Remote Desktop Manager 2022.2.26 and prior versions.

Devolutions Server 2022.3.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
DevolutionsRemote Desktop Manager0 <= 2022.2.26affected
DevolutionsDevolutions Server0 <= 2022.3.1affected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References