Description
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
References
https://devolutions.net/security/advisories/DEVO-2023-0006
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0006
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-04-02T21:15:08.297
2 years agoLast modified
2025-02-25T21:15:11.050
4 months ago