CVE-2023-1939
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
No access control for the OTP key
on OTP entries
in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Devolutions | Remote Desktop Manager | 0 < 2022.3.34.0 | affected |
| Devolutions | Remote Desktop Manager | 0 < 2022.3.2.1 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.