Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the vault master password via the offline mode feature.
History

Fri, 28 Mar 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions remote Desktop Manager
CPEs cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*
cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*
Vendors & Products Devolutions
Devolutions remote Desktop Manager

Thu, 29 Aug 2024 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published:

Updated: 2024-08-29T20:09:51.084Z

Reserved: 2024-06-17T13:01:27.989Z

Link: CVE-2024-6057

cve-icon Vulnrichment

Updated: 2024-08-01T21:25:03.229Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-17T13:15:53.800

Modified: 2025-03-28T16:23:36.887

Link: CVE-2024-6057

cve-icon Redhat

No data.