CVE-2022-1342 - OpenCVE

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Devolutions	Remote Desktop Manager

Configuration 1 [-]

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2022-0003	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published: 2022-04-21T00:00:00

Updated: 2022-06-15T16:09:30

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-1342

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-15T17:15:08.697

Modified: 2022-06-24T01:24:28.247

Link: CVE-2022-1342

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Remote Desktop Manager", "vendor": "Devolutions", "versions": [{"lessThanOrEqual": "2022.1.24", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-04-21T00:00:00", "descriptions": [{"lang": "en", "value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-549", "description": "CWE-549", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T16:09:30", "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://devolutions.net/security/advisories/DEVO-2022-0003"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@devolutions.net", "DATE_PUBLIC": "2022-04-21T00:00:00", "ID": "CVE-2022-1342", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Remote Desktop Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "2022.1.24"}]}}]}, "vendor_name": "Devolutions"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-549"}]}]}, "references": {"reference_data": [{"name": "https://devolutions.net/security/advisories/DEVO-2022-0003", "refsource": "MISC", "url": "https://devolutions.net/security/advisories/DEVO-2022-0003"}]}}}}, "cveMetadata": {"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "assignerShortName": "DEVOLUTIONS", "cveId": "CVE-2022-1342", "datePublished": "2022-04-21T00:00:00", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2022-06-15T16:09:30", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "790230BB-540B-4713-B970-7710982AFAC0", "versionEndIncluding": "2022.1.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions."}, {"lang": "es", "value": "Una falta de enmascaramiento de contrase\u00f1as en Devolutions Remote Desktop Manager permite a atacantes f\u00edsicamente pr\u00f3ximos observar datos confidenciales. Un problema de almacenamiento en cach\u00e9 puede causar que los campos confidenciales a veces permanezcan revelados cuando es cerrado y vuelve a abrir un panel, lo que podr\u00eda conllevar a una revelaci\u00f3n involuntaria de informaci\u00f3n confidencial. Este problema afecta a: Devolutions Remote Desktop Manager versiones 2022.1.24 y versiones anteriores"}], "id": "CVE-2022-1342", "lastModified": "2022-06-24T01:24:28.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-15T17:15:08.697", "references": [{"source": "security@devolutions.net", "tags": ["Vendor Advisory"], "url": "https://devolutions.net/security/advisories/DEVO-2022-0003"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-549"}], "source": "security@devolutions.net", "type": "Secondary"}]}