
CVE-2022-3781: CWE-311 Missing Encryption of Sensitive Data in Devolutions Remote Desktop Manager

Severity: Medium
Tags: Vulnerability, CVE-2022-3781, cve, cve-2022-3781, cwe-311
Published: Tue Nov 01 2022 (11/01/2022, 18:28:28 UTC)
Source: CVE
Vendor/Project: Devolutions
Product: Remote Desktop Manager

Description

Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote Desktop Manager 2022.2.26 and prior versions; Devolutions Server 2022.3.1 and prior versions.

AI-Powered Analysis

Last updated: 07/07/2025, 01:39:44 UTC

Technical Analysis

CVE-2022-3781 is a vulnerability in Devolutions Remote Desktop Manager (RDM) versions 2022.2.26 and earlier, and in Devolutions Server 2022.3.1 and earlier. It concerns the handling of two sensitive values, the Dashlane password and the Keepass Server password set in My Account Settings. These passwords are stored in the database without encryption, so any user with database access can read them in plaintext. The vulnerability is classified under CWE-311, missing encryption of sensitive data.

The CVSS v3.1 base score is 6.5, a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) shows that the vulnerability is remotely exploitable over the network with low attack complexity, requires privileges (PR:L) to access the database, does not require user interaction, and has a high impact on confidentiality but no impact on integrity or availability. In practice, an attacker who already has some level of access to the system or network and can reach the database can extract the passwords in cleartext, which can lead to further compromise if those credentials are reused or grant access to other systems.

No known exploits are reported in the wild, and no patches are linked in the provided data, so organizations should verify their version and apply any vendor updates or mitigations as they become available. This vulnerability highlights a critical security design flaw in credential storage within the affected Devolutions products, undermining the confidentiality of stored passwords and increasing the risk of credential theft and lateral movement within affected environments.

Potential Impact

For European organizations using Devolutions Remote Desktop Manager or Devolutions Server, this vulnerability poses a significant risk to the confidentiality of stored credentials. Since RDM is often used to manage remote connections and passwords for IT infrastructure, exposure of these passwords can lead to unauthorized access to critical systems, data breaches, and potential lateral movement within networks. The impact is particularly severe in sectors with stringent data protection requirements such as finance, healthcare, and government, where unauthorized access could lead to regulatory penalties under GDPR and compromise sensitive personal or organizational data. The vulnerability requires an attacker to have some level of access (privileges) to the database, which may limit exploitation to insider threats or attackers who have already breached perimeter defenses. However, once inside, the lack of encryption on stored passwords facilitates easy credential harvesting. This can accelerate attack progression and complicate incident response. European organizations relying on these products should consider the risk of credential exposure as a critical factor in their security posture, especially given the widespread use of remote desktop management tools in IT operations.

Mitigation Recommendations

1. Immediate verification of the deployed versions of Devolutions Remote Desktop Manager and Devolutions Server is essential. Organizations should upgrade to versions beyond 2022.2.26 for RDM and 2022.3.1 for Devolutions Server once official patches are released.
2. Until patches are available, restrict database access strictly to trusted administrators and monitor access logs for unusual activity.
3. Implement network segmentation and strong access controls to limit who can reach the database storing these credentials.
4. Employ additional encryption layers at the database or filesystem level to protect stored data, mitigating the risk of plaintext exposure.
5. Rotate all stored passwords, especially Dashlane and Keepass Server passwords, after patching or mitigation to invalidate any potentially compromised credentials.
6. Conduct regular audits of credential storage practices and enforce encryption for all sensitive data at rest.
7. Enhance monitoring and alerting for suspicious access patterns to the database and related systems.
8. Educate administrators about the risks of storing unencrypted credentials and encourage the use of secure vaults or hardware security modules (HSMs) where possible.

These steps go beyond generic advice by focusing on immediate containment, layered encryption, credential hygiene, and operational security improvements tailored to the nature of this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: DEVOLUTIONS
Date Reserved: 2022-10-31T19:43:01.182Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981fc4522896dcbdcaa7

Added to database: 5/21/2025, 9:08:47 AM

Last enriched: 7/7/2025, 1:39:44 AM

Last updated: 7/31/2025, 8:51:43 AM
