Portal Portal Forum Forum Devolutions Force Devolutions Force Devolutions Hub Business Devolutions Hub Business Devolutions Hub Personal Devolutions Hub Personal Download RDM RDM Workspace Workspace Launcher Launcher

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2022-0004

Summary

Credentials in My Account Settings are accessible to other users when stored in the database.

Affected Products

Remote Desktop Manager 2022.1.6 and earlier

Change Log

Initial Publication - 2022-05-02

Severity

Medium

Product

Remote Desktop Manager

Fix Version

2022.1.8

Credentials stored in My Account Settings are accessible to other users

Description

Credentials stored in My Account Settings are stored in the datasource by default, which make them accessible to other users. An option was added in Remote Desktop Manager to save account settings locally.

Remediation and Workarounds

Starting with Remote Desktop Manager 2022.1.8, an option is available in My Account Settings to set the save location to "Local". Account settings will then be saved locally on the computer.

Severity

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Remote Desktop Manager 2022.1.6 and earlier

CVE(s)

CVE-2022-2221