Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Devolutions Server 安全漏洞
Vulnerability Description
Devolutions Server是加拿大Devolutions公司的一个应用系统。提供功能齐全的共享帐户和密码管理解决方案。 Devolutions Server 2025.3.5.0及之前版本存在安全漏洞,该漏洞源于MFA前 cookie 处理期间的权限管理不当,使得低权限的已认证用户可以通过重放 MFA 前 cookie 来冒充其他帐户。
CVSS Information
N/A
Vulnerability Type
N/A