CVE-2024-11621
📋 TL;DR
This vulnerability allows attackers to perform man-in-the-middle attacks by intercepting and modifying encrypted communications in Devolutions Remote Desktop Manager. Missing certificate validation enables attackers to decrypt and manipulate sensitive data transmitted between the client and servers. All users of affected versions on macOS, iOS, Android, and Linux are vulnerable.
💻 Affected Systems
- Devolutions Remote Desktop Manager
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers can intercept and decrypt all encrypted communications, steal credentials, session tokens, and sensitive data, potentially gaining unauthorized access to remote systems and internal networks.
Likely Case
Attackers on the same network can intercept RDP, SSH, and other protocol credentials, leading to unauthorized access to remote systems and data exfiltration.
If Mitigated
With proper network segmentation and certificate validation enabled, attackers would be unable to intercept communications or would trigger security warnings.
🎯 Exploit Status
Exploitation requires network access to intercept communications. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after those listed in affected versions
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0001/
Restart Required: No
Instructions:
1. Update Remote Desktop Manager to the latest version available for your platform.
2. For macOS/Linux: use the built-in update mechanism or download from the official website.
3. For mobile: update via the App Store (iOS) or Google Play (Android).
4. Verify that certificate validation is functioning properly.
🔧 Temporary Workarounds
Enable Strict Certificate Validation
Manually configure Remote Desktop Manager to enforce strict certificate validation for all connections.
Network Segmentation
Isolate Remote Desktop Manager clients from untrusted networks and implement network-level protections.
🧯 If You Can't Patch
- Discontinue use of Remote Desktop Manager for sensitive connections until patched
- Use VPNs for all remote connections to add an additional encryption layer
🔍 How to Verify
Check if Vulnerable:
Check your Remote Desktop Manager version against the affected versions list. If you are running an affected version, you are vulnerable.
Check Version:
Check version in application settings or about dialog. No universal command exists across all platforms.
Verify Fix Applied:
After updating, test connections to servers with invalid certificates - they should be rejected with certificate validation errors.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed connection attempts with certificate errors
- Unexpected certificate validation bypass events
Network Indicators:
- Signs of man-in-the-middle activity on network segments carrying Remote Desktop Manager traffic
- SSL/TLS interception attempts
SIEM Query:
Search for events where Remote Desktop Manager connects without proper certificate validation or where certificate warnings are suppressed