← back
CVE-2023-1939

No access control for the OTP key on OTP entries

CVSS 4.3 MEDIUMEPSS 0.4%CWE-732
No access control for the OTP key   on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Devolutions · Remote Desktop Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://devolutions.net/security/advisories/DEVO-2023-0009