Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications

Devolutions has disclosed critical vulnerabilities in its Remote Desktop Manager (RDM) software, which could allow attackers to intercept and modify encrypted communications through man-in-the-middle (MITM) attacks.
These flaws stem from improper certificate validation across all platforms and have been assigned high-severity CVE identifiers.
CVE-2025-1193 Improper Host Validation
CVE-2025-1193 has been assigned to this vulnerability, with a CVSS score of 8.5 (High). In RDM versions 2024.3.19 and earlier for Windows, the certificate validation logic failed to properly validate the host.
The vulnerability in Windows arises from insufficient checks in the certificate validation logic within RDM’s host verification process.
Attackers can exploit this flaw by presenting a spoofed certificate for an unrelated host. This allows the interception of sensitive data during encrypted communication.
The attack vector is network-based, requiring no privileges or user interaction.
CVE-2024-11621 Missing Certificate Validation
This vulnerability is tracked as CVE-2024-11621, with a CVSS score of 8.6 (High). On macOS, Linux, Android, iOS, and PowerShell versions of RDM, certificate validation was entirely absent.
This means any certificate presented during a connection would be accepted without user notification.
The complete absence of certificate validation creates a critical security gap where any malicious certificate is automatically trusted by the application.
This enables attackers to use Man-in-the-Middle (MITM) attacks to intercept encrypted conversations.
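The two failure classes described above, next to a complete check, as an added Python example (not RDM code, which the advisory does not show). The certificate dicts, hostnames and function names are constructed for illustration; the dicts follow the shape returned by ssl.SSLSocket.getpeercert().

```python
import ssl

def make_context(mode):
    """Build a client context; the two weak modes exist only for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # defaults: CERT_REQUIRED + check_hostname
    if mode in ("chain-only", "no-validation"):
        ctx.check_hostname = False                 # must be cleared before CERT_NONE is allowed
    if mode == "no-validation":
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def classify_context(ctx):
    """Name the checks a context will actually perform on the server certificate."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "no-validation"  # any certificate accepted (missing-validation class)
    if not ctx.check_hostname:
        return "chain-only"     # chain trusted, host never compared (host-validation class)
    return "chain+host"

def name_matches(pattern, host):
    """Compare one SAN dNSName with the host; '*' may replace only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]       # refuse over-broad names such as *.com
    return p == h

def host_matches(cert, host):
    """True only if the requested host appears among the certificate's SAN DNS entries."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(name_matches(n, host) for n in names)

# Constructed sample certificates (hypothetical hostnames).
EXPECTED_CERT = {"subjectAltName": (("DNS", "rdm.example.com"),)}
UNRELATED_CERT = {"subjectAltName": (("DNS", "files.example.net"),
                                     ("DNS", "*.cdn.example.net"))}

if __name__ == "__main__":
    for mode in ("no-validation", "chain-only", "chain+host"):
        print(mode, "->", classify_context(make_context(mode)))
    for cert in (EXPECTED_CERT, UNRELATED_CERT):
        print(cert["subjectAltName"], host_matches(cert, "rdm.example.com"))
```

A certificate that chains to a trusted CA but names an unrelated host passes a chain-only check; only the host comparison rejects it.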
Affected Products and Versions
| Platform | Affected Versions | Fixed Versions |
|---|---|---|
| Windows | 2024.3.19 and earlier | 2024.3.20 or higher |
| macOS | 2024.3.9.0 and earlier | 2024.3.10.3 or higher |
| Linux | 2024.3.2.5 and earlier | 2024.3.2.9 or higher |
| Android | 2024.3.3.7 and earlier | 2024.3.4.2 or higher |
| iOS | 2024.3.3.0 and earlier | 2024.3.4 or higher |
| PowerShell | 2024.3.6 and earlier | 2024.3.7 or higher |
Devolutions recommends immediate upgrades to patched versions of RDM to mitigate these risks.
These vulnerabilities highlight the importance of robust certificate validation in securing encrypted communications against MITM attacks in remote desktop environments.
The post Remote Desktop Manager Vulnerabilities Let Attackers Intercept Encrypted Communications appeared first on Cyber Security News.