CVE-2023-5765

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass access controls in Devolutions Remote Desktop Manager by switching data sources in the password analyzer feature. Attackers can potentially access sensitive credentials and connection information they shouldn't have permission to view. Organizations using affected versions of Remote Desktop Manager on Windows are at risk.

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: 2023.2.33 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations of Remote Desktop Manager. The vulnerability is in the password analyzer feature specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all credentials and connection information stored in Remote Desktop Manager, leading to lateral movement across the network and potential domain takeover.

🟠 Likely Case

Unauthorized access to sensitive credentials and connection details, enabling attackers to access critical systems and escalate privileges.

🟢 If Mitigated

Limited impact with proper network segmentation and credential management, though sensitive data exposure remains possible.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the Remote Desktop Manager application, but the technique is straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.2.34 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2023-0019/

Restart Required: Yes

Instructions:

1. Download Remote Desktop Manager version 2023.2.34 or later from the official Devolutions website.
2. Close all instances of Remote Desktop Manager.
3. Run the installer.
4. Restart the application after installation completes.

🔧 Temporary Workarounds

Disable Password Analyzer Feature (applies to: windows)

Temporarily disable the password analyzer feature to prevent exploitation while planning for patching.

Navigate to Tools > Options > Security > Password Analyzer and disable the feature.

Restrict Data Source Access (applies to: all)

Implement strict access controls on data sources and limit user permissions to essential functions only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Remote Desktop Manager instances from critical systems
  • Enable detailed logging and monitoring for unauthorized access attempts to password analyzer features

🔍 How to Verify

Check if Vulnerable:

Check the version in Remote Desktop Manager by going to Help > About. If the version is 2023.2.33 or earlier, the installation is vulnerable.

Check Version:

In Remote Desktop Manager: Help > About displays the version

Verify Fix Applied:

After updating, verify the version shows 2023.2.34 or later in Help > About. Test that password analyzer functions properly with appropriate access controls.
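The Help > About check above is fine for one workstation; for a fleet, the same comparison can be scripted. The following PowerShell is an added example for this page, not a script from Devolutions or from the advisory. It assumes the product registers a standard Windows uninstall entry whose DisplayName contains "Remote Desktop Manager" (the exact DisplayName and registry key are not stated on this page), and it applies the version boundary the advisory gives: 2023.2.33 and earlier is affected, 2023.2.34 and later is fixed.

```powershell
# Added example (not from the advisory or the vendor): locate Remote Desktop Manager
# through the standard Windows uninstall registry keys and classify the installed
# version against the CVE-2023-5765 boundary (fixed in 2023.2.34 and later).
# Assumption: the installer writes an uninstall entry whose DisplayName contains
# "Remote Desktop Manager"; the real key name is not given on this page.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$fixedVersion = [version]'2023.2.34'   # first fixed release per the advisory

$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Remote Desktop Manager*' -and $_.DisplayVersion }

if (-not $installs) {
    Write-Output 'Remote Desktop Manager not found in the uninstall registry keys.'
    return
}

foreach ($app in $installs) {
    # Keep only the leading dotted-numeric part so [version] can parse it,
    # in case DisplayVersion carries a textual suffix.
    $versionText = $app.DisplayVersion -replace '[^0-9.].*$', ''
    $installed   = [version]$versionText

    # [version] compares component-wise, so 2023.2.33 < 2023.2.34 and
    # 2023.2.34.0 >= 2023.2.34 both evaluate as expected.
    $status = if ($installed -ge $fixedVersion) {
        'PATCHED'
    } else {
        'VULNERABLE (CVE-2023-5765): update to 2023.2.34 or later'
    }

    [pscustomobject]@{
        DisplayName    = $app.DisplayName
        DisplayVersion = $app.DisplayVersion
        Status         = $status
    }
}
```

Run it in an elevated PowerShell session on each host (or wrap it in `Invoke-Command` for remote collection) and treat any `VULNERABLE` row as an installation still at 2023.2.33 or earlier. After patching, the same script should report `PATCHED`, which complements the manual Help > About confirmation.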

📡 Detection & Monitoring

Log Indicators:

  • Unusual data source switching activity
  • Multiple failed permission checks followed by successful access
  • Access to password analyzer from unauthorized users

Network Indicators:

  • Unusual outbound connections from Remote Desktop Manager hosts
  • Traffic patterns suggesting credential harvesting

SIEM Query:

source="RemoteDesktopManager" AND (event_type="access_denied" OR event_type="data_source_switch") | stats count by user, source_ip
