Vulnerability Details CVE-2023-1939
No access control for the OTP key
on OTP entries
in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2023-1939
-
cpe:2.3:a:devolutions:remote_desktop_manager:*
-
cpe:2.3:a:devolutions:remote_desktop_manager:-