CVE-2024-3545 in Server
Summary
by MITRE • 04/10/2024
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.
Analysis
by VulDB Data Team • 11/04/2024
The vulnerability identified as CVE-2024-3545 represents a critical flaw in Devolutions Remote Desktop Manager and Devolutions Server applications that affects versions up to 2024.1.20 and 2024.1.8 respectively. This issue stems from improper permission handling within the vault offline cache feature, creating a significant security risk that undermines the intended protection mechanisms of the software. The flaw exists specifically on Windows platforms and demonstrates a fundamental failure in access control implementation that persists even when offline mode is explicitly disabled by users.
The technical root cause of this vulnerability lies in the insufficient implementation of file system permissions for the offline cache files that are generated by the application. When users configure the software to operate in offline mode, the application creates cache files that contain sensitive information such as credentials, connection details, and other privileged data. However, the vulnerability allows unauthorized access to these cache files through improper permission handling that fails to properly restrict access based on user context or security boundaries. This misconfiguration means that local attackers with access to the compromised system can read the cache files directly without proper authentication or authorization, effectively bypassing the application's intended security controls.
The operational impact of CVE-2024-3545 extends beyond simple information disclosure, as it creates a persistent backdoor for attackers who gain access to systems where the vulnerable software is installed. Even when offline mode is disabled, the cache files may remain accessible, providing attackers with potential access to sensitive data that should be protected. This vulnerability particularly affects enterprise environments where remote desktop management tools are extensively used, as it could enable attackers to compromise multiple systems and access a wide range of credentials and connection information. The risk is amplified because the cache files often contain encrypted but potentially recoverable credentials that could be exploited by threat actors with sufficient technical capability.
Security professionals should note that this vulnerability aligns with CWE-284, which addresses improper access control, and demonstrates characteristics consistent with ATT&CK technique T1552.001, which covers "Unsecured Credentials" through local credential storage. The flaw represents a failure in the principle of least privilege, where sensitive data is stored with insufficient access controls that allow unauthorized users to access the information. Organizations should implement immediate mitigations including updating to patched versions of Devolutions Remote Desktop Manager and Devolutions Server, reviewing file system permissions on existing cache files, and implementing additional monitoring for unauthorized access attempts. Additionally, security teams should consider disabling offline cache functionality until proper patching can be completed and verify that cache files are properly secured with appropriate access controls that restrict access to authorized users only.
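The permission review recommended above can be scripted. The following PowerShell is an added example, not code from VulDB or Devolutions: it reads the ACL of an offline cache file and reports every Allow entry that grants read access to a principal outside an allow-list. The cache file path is a placeholder (the advisory does not state where the file lives), and the allow-list of SYSTEM, local Administrators and the current user is an assumption to adjust to the deployment.

```powershell
# Placeholder: replace with the real offline cache file path for the installation.
$CachePath = "$env:LOCALAPPDATA\<VENDOR>\<offline-cache-file>"

# Assumption: only these principals should be able to read the cache file.
$AllowedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    "$env:USERDOMAIN\$env:USERNAME"
)

function Test-OfflineCacheAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Allowed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No offline cache file found at $Path"
        return @()
    }
    $acl = Get-Acl -LiteralPath $Path
    # ReadData (bit 0x1) is set in Read, ReadAndExecute, Modify and FullControl,
    # so any Allow entry carrying it lets that principal read the file contents.
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    $findings = foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readData) -eq 0) { continue }
        $who = $rule.IdentityReference.Value
        if ($Allowed -contains $who) { continue }
        [pscustomobject]@{
            Path      = $Path
            Owner     = $acl.Owner
            Principal = $who
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited   # inherited entries point at the parent folder's ACL
        }
    }
    return @($findings)
}

$findings = Test-OfflineCacheAcl -Path $CachePath -Allowed $AllowedPrincipals
if ($findings.Count -eq 0) {
    "OK: only allow-listed principals can read $CachePath"
} else {
    "WARNING: $($findings.Count) unexpected read grant(s) on $CachePath"
    $findings | Format-Table -AutoSize
}
```

Run it as the user who owns the cache; an entry for BUILTIN\Users, Everyone or Authenticated Users with an Inherited value of True means the fix is to tighten the parent folder's ACL, not just the file's.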