CVE-2023-0463
LOWDevolutions Remote Desktop Manager 2022.3.29-2022.3.30 - Sensitive Data Exposure via MFA Bypass
Title source: llmDescription
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30 allows a user to save sensitive data on disk.
References (1)
Core 1
Core References
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2023-0001
Scores
CVSS v3
3.3
EPSS
0.0023
EPSS Percentile
13.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (2)
devolutions/remote_desktop_manager
2022.3.29
devolutions/remote_desktop_manager
2022.3.30
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026