Missing Password Field Masking

CVE-2022-1342

Medium

4.6/10

Summary

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-549 - Missing Password Field Masking

The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

References

Advisory Timeline

Published Jun 15, 2022

Missing Password Field Masking

CVE-2022-1342

Summary

CWE-549 - Missing Password Field Masking

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS