Insufficiently Protected Credentials

CVE-2023-1574

Medium

6.5/10

Summary

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory Timeline

Published Apr 02, 2023

Insufficiently Protected Credentials

CVE-2023-1574

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS