Auth bypass in Devolutions Remote Desktop Manager

CVE-2024-11671

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.

Vulnerability class: Broken Authentication

EPSS: 0.001 (29.3th percentile) — read the EPSS interpretation.

Affected products

Devolutions Remote Desktop Manager — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

devolutions.net/security/advisories/DEVO-2024-0016