CVE-2022-3781 - Unencrypted Password Storage in Devolutions Remote Desktop Manager and Devolutions Server, Compromising Dashlane and KeePass Server Passwords
A recent discovery reveals a critical vulnerability in Devolutions' Remote Desktop Manager (RDM) and Devolutions Server, which are widely used by IT professionals for remote connections and password management. This vulnerability, identified as CVE-2022-3781, affects RDM 2022.2.26 and prior versions, as well as Devolutions Server 2022.3.1 and prior versions. The issue stems from the fact that Dashlane passwords and KeePass Server passwords in My Account Settings are not encrypted in the database, allowing any database user to easily read the passwords.
Exploit Details
This vulnerability can be exploited by an attacker who has access to the database, whether through compromised user credentials or other security vulnerabilities, enabling the attacker to read sensitive password data stored in Dashlane and KeePass Server. Although encryption is generally used to store passwords, this vulnerability demonstrates a failure to implement proper security measures. More information about CVE-2022-3781 can be found at the National Vulnerability Database (NVD).
Code Snippet
Below is an example of a simple SQL query that can be executed to retrieve unencrypted Dashlane and KeePass Server passwords from the affected versions of Devolutions RDM and Devolutions Server:
SELECT UserId, DashlanePassword, KeePassServerPassword
FROM MyAccountSettings
WHERE DashlanePassword IS NOT NULL OR KeePassServerPassword IS NOT NULL;
Mitigation Steps
To mitigate this vulnerability, it is recommended that users of affected versions of Devolutions RDM and Devolutions Server take the following steps:
1. Update both Devolutions RDM and Devolutions Server to the latest versions, which should include a patch for this vulnerability.
Change Dashlane and KeePass Server passwords for all affected users.
3. Verify that the new versions of the two applications store passwords in an encrypted format in the database.
For further details on this vulnerability, please refer to the following links
- CVE-2022-3781 at the National Vulnerability Database (NVD)
- Devolutions Remote Desktop Manager
- Devolutions Server
Conclusion
It is crucial for organizations to ensure that their software products are up-to-date and apply appropriate security patches. This CVE-2022-3781 vulnerability highlights the importance of securing sensitive data, such as passwords, with encryption. By taking immediate steps to mitigate this issue, affected users of Devolutions RDM and Devolutions Server can minimize potential damage and avoid unauthorized access to their valuable data.
Timeline
Published on: 11/01/2022 19:15:00 UTC
Last modified on: 11/03/2022 17:18:00 UTC