CVE-2023-1939

Summary

No access control for the OTP key 

 on OTP entries

in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.

Affected Software

VendorProductVersion RangeStatus
DevolutionsRemote Desktop Manager0 < 2022.3.34.0affected
DevolutionsRemote Desktop Manager0 < 2022.3.2.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References