Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser tab.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://devolutions.net/security/advisories/DEVO-2024-0009 |
History
Wed, 20 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-290 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: DEVOLUTIONS
Published: 2024-06-25T12:18:18.180Z
Updated: 2024-11-20T21:35:56.186Z
Reserved: 2024-05-13T17:35:34.290Z
Link: CVE-2024-4846
Vulnrichment
Updated: 2024-08-01T20:55:09.986Z
NVD
Status : Awaiting Analysis
Published: 2024-06-25T13:15:50.120
Modified: 2024-11-21T09:43:43.533
Link: CVE-2024-4846
Redhat
No data.