Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CPE | Name | Operator | Version |
---|---|---|---|
devolutions_server | lt | 2020.3.20 | |
devolutions_server | lt | 2021.1.18 |