Primary

Context

Devolutions Remote Desktop Manager Password Saving Vulnerability

Vulnerability

Patched

A vulnerability exists in Devolutions Remote Desktop Manager in versions through 2025.3.30 that improperly enforces the setting to disable password saving in vaults. This flaw allows authenticated users to save credentials in vault entries, potentially exposing sensitive information to other users. The issue arises when certain connection types are created or edited while password saving is disabled.

Impact

Exploitation of this vulnerability could lead to unauthorized credential storage in vaults, allowing sensitive information to be shared with other users.

Remediation

Users are advised to upgrade to Devolutions Remote Desktop Manager version 2026.1.

Added: Mar 3, 2026, 10:51 PM

Updated: Mar 3, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

3.1

exploitability

3.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

3.1

exploitability

3.3

remediation

7.7

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Remote Desktop Manager Password Saving Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Devolutions Remote Desktop Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating