CVE-2023-2257

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/04/2023
Last modified:
04/02/2025

Description

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub <br /> Business space without being prompted to enter the password via an <br /> unimplemented "Force Login" security feature.<br /> <br /> This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.<br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:devolutions:workspace:*:*:*:*:desktop:*:*:* 2023.1.1.4 (excluding)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*