Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass…
DEVOLUTIONS·CWE-1391·Published 2025-07-22
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier
El uso de credenciales débiles en el componente de autenticación de emergencia de Devolutions Server permite a un atacante no autenticado eludir la autenticación mediante fuerza bruta los códigos de emergencia cortos generados por el servidor dentro de un plazo razonable. Este problema afecta a las siguientes versiones: * Devolutions Server 2025.2.2.0 a 2025.2.3.0 * Devolutions Server 2025.1.11.0 y anteriores
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 7.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 7.7 | 3.1 | 4.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| 4.0 | Primary | cve.org | 9.5 | — | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H |
| 4.0 | Secondary | NVD | 9.5 | — | — | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |