Devolutions Server and Remote Desktop Manager Password Exposure Vulnerability

Vulnerability

A vulnerability exists in the web-based SSH authentication component of Devolutions Server in versions through 2024.3.13: because of inadequate password masking, users can unintentionally disclose their SSH passwords. The issue is also present in Remote Desktop Manager versions through 2024.3.29. It arises from a failure to properly obscure passwords during SSH authentication, which creates a risk of sensitive information leakage.

Impact

Exploitation of this vulnerability leads to the unintentional exposure of SSH passwords, allowing for potential unauthorized access to systems or services that rely on SSH authentication.

Remediation

Users are advised to upgrade to Devolutions Server version 2024.3.14 or higher and to Remote Desktop Manager version 2024.3.31 or higher.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.