{"id":1924,"date":"2025-02-12T10:03:43","date_gmt":"2025-02-12T10:03:43","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/02\/12\/remote-desktop-manager-vulnerabilities-let-attackers-intercept-encrypted-communications\/"},"modified":"2025-02-12T10:03:43","modified_gmt":"2025-02-12T10:03:43","slug":"remote-desktop-manager-vulnerabilities-let-attackers-intercept-encrypted-communications","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/02\/12\/remote-desktop-manager-vulnerabilities-let-attackers-intercept-encrypted-communications\/","title":{"rendered":"Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications"},"content":{"rendered":"<div>\n<p>Devolutions has disclosed critical vulnerabilities in its <a href=\"https:\/\/cybersecuritynews.com\/remote-desktop-manager-flaw\/\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Desktop Manager (RDM)<\/a> software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks.<\/p>\n<p>These flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers.<\/p>\n<h2 class=\"wp-block-heading\"><strong>CVE-2025-1193 Improper Host Validation<\/strong><\/h2>\n<p>CVE-2025-1193 has been assigned to this vulnerability, with a CVSS score of 8.5 (High). In RDM versions 2024.3.19 and earlier for Windows, the certificate validation logic failed to properly validate the host.<\/p>\n<p>The vulnerability in Windows arises from insufficient checks in the certificate validation logic within RDM\u2019s host verification process.<\/p>\n<p>Attackers can exploit this flaw by presenting a spoofed certificate for an unrelated host. 
This allows the interception of sensitive data during encrypted communication.<\/p>\n<p>The attack vector is network-based, requiring no privileges or user interaction.<\/p>\n<h2 class=\"wp-block-heading\"><strong>CVE-2024-11621 Missing Certificate Validation<\/strong><\/h2>\n<p>This vulnerability is tracked as CVE-2024-11621, with a CVSS score of 8.6 (High). On <a href=\"https:\/\/cybersecuritynews.com\/password-stealing-malware-attacking-macos-users\/\" target=\"_blank\" rel=\"noreferrer noopener\">macOS<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/linux-x-509-certificate-based-user-login-flaws\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/242000-times-downloaded-malicious-apps-from-android-and-ios\/\" target=\"_blank\" rel=\"noreferrer noopener\">Android<\/a>, <a href=\"https:\/\/cybersecuritynews.com\/deepseek-ios-app-sending-data-unencrypted\/\" target=\"_blank\" rel=\"noreferrer noopener\">iOS<\/a>, and PowerShell versions of RDM, certificate validation was entirely absent.\u00a0<\/p>\n<p>This means any certificate presented during a connection would be accepted without user notification.<\/p>\n<p>The complete absence of certificate validation creates a critical security gap where any malicious certificate is automatically trusted by the application.\u00a0<\/p>\n<p>This enables attackers to use Man-in-the-Middle <a href=\"https:\/\/cybersecuritynews.com\/researchers-bypass-wpa3-password\/\" target=\"_blank\" rel=\"noreferrer noopener\">(MITM) attacks<\/a> to intercept encrypted conversations.<\/p>\n<p><strong>Affected Products and Versions<\/strong><\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>Platform<\/strong><\/td>\n<td><strong>Affected Versions<\/strong><\/td>\n<td><strong>Fixed Versions<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Windows<\/td>\n<td>2024.3.19 and earlier<\/td>\n<td>2024.3.20 or 
higher<\/td>\n<\/tr>\n<tr>\n<td>macOS<\/td>\n<td>2024.3.9.0 and earlier<\/td>\n<td>2024.3.10.3 or higher<\/td>\n<\/tr>\n<tr>\n<td>Linux<\/td>\n<td>2024.3.2.5 and earlier<\/td>\n<td>2024.3.2.9 or higher<\/td>\n<\/tr>\n<tr>\n<td>Android<\/td>\n<td>2024.3.3.7 and earlier<\/td>\n<td>2024.3.4.2 or higher<\/td>\n<\/tr>\n<tr>\n<td>iOS<\/td>\n<td>2024.3.3.0 and earlier<\/td>\n<td>2024.3.4 or higher<\/td>\n<\/tr>\n<tr>\n<td>PowerShell<\/td>\n<td>2024.3.6 and earlier<\/td>\n<td>2024.3.7 or higher<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>Devolutions recommends immediate <a href=\"https:\/\/devolutions.net\/security\/advisories\/DEVO-2025-0001\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">upgrades<\/a> to patched versions of RDM to mitigate these risks.<\/p>\n<p>These vulnerabilities highlight the importance of robust certificate validation in securing encrypted communications against MITM attacks in remote desktop environments.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/rdm-vulnerabilities-intercept-encrypted-communications\/\">Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Guru Baran<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications Devolutions has disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks.\u00a0 These flaws stem from improper certificate validation across all platforms and have been assigned 
high-severity CVE identifiers. CVE-2025-1193 Improper Host [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,648],"tags":[130],"class_list":["post-1924","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1924"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=1924"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1924\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=1924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=1924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=1924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}