CRITICAL🇵🇱 Wersja polska

CVE-2024-6057

CVSS 9.8v3.1pub. 2024-06-17upd. 2025-03-28

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.

🤖 AI Analysis
How it works

The vulnerability results from improper authentication implementation (CWE-287) in the vault password function. An attacker who has gained access to the Remote Desktop Manager instance can use the offline mode feature to bypass the master password verification protecting the vault. This allows access to encrypted resources without knowing the correct password.

Impact

An attacker with compromised access to an RDM instance can gain full access to vault contents — including stored credentials, connection configurations, and other sensitive data — without needing to provide the correct master password.

Mitigation & patch

Devolutions Remote Desktop Manager should be updated to a version newer than 2024.1.31.0. Detailed information about available patches can be found in the vendor's official security bulletin: https://devolutions.net/security/advisories/DEVO-2024-0008

Who is affected

Devolutions Remote Desktop Manager version 2024.1.31.0 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Devolutions Remote Desktop Manager

    APP
    Devolutions
    < 2024.1.32.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-2590CRITICAL9.8PL ✓ten sam produkt

Błędne egzekwowanie zakazu zapisywania haseł w Devolutions Remote Desktop Manager

CVE-2023-6593CRITICAL9.8PL ✓ten sam produkt

Pomijanie uprawnień po stronie klienta w Devolutions Remote Desktop Manager na iOS

CVE-2023-5765CRITICAL9.8ten sam produkt

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and e...

CVE-2023-5766CRITICAL9.8ten sam produkt

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an a...

CVE-2023-4373CRITICAL9.8ten sam produkt

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop...