Security & Compliance
DEVO-2022-0002
Summary
A vulnerability can reduce the strength of some passwords when exporting data in Remote Desktop Manager.
Affected Products
Remote Desktop Manager 2021.2 and earlier
Change Log
Initial Publication - 2022-03-09
Severity
High
Product
Remote Destkop Manager
Fix Version
2022.1
Weak password derivation on vault export
Description
When exporting data out of Remote Desktop Manager, a password can be used to encrypt the file. For passwords that were also valid Base64, Remote Desktop Manager erroneously decoded them prior to password derivation which reduces the effective length of the password.
Remediation and Workarounds
Update to Remote Desktop Manager 2022.1 or higher.
Severity
High - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
Remote Desktop Manager
CVE(s)
CVE-2022-26964