Auth bypass in Devolutions Remote Desktop Manager
CVE-2024-11670
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
Vulnerability class: Broken Access Control
EPSS: 0.000 (11.1th percentile)
Affected products
- Devolutions Remote Desktop Manager — versions 0