Security Vulnerability Report
CVE-2026-0747 CVSS 3.3 LOW

CVE-2026-0747

Published: 2026-01-08 20:15:45
Last Modified: 2026-01-22 18:14:40

Description

Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing.

CVSS Details

CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:windows:*:* - VULNERABLE
Devolutions Remote Desktop Manager 2025.3.24.0
Devolutions Remote Desktop Manager 2025.3.25.0
Devolutions Remote Desktop Manager 2025.3.26.0
Devolutions Remote Desktop Manager 2025.3.27.0
Devolutions Remote Desktop Manager 2025.3.28.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-0747 PoC - Devolutions Remote Desktop Manager Password Masking Bypass
# This PoC demonstrates the password masking defect in TeamViewer entry dashboard
# Everything below is simulated: the script prints a scenario and never touches the application.
import time


def parse_version(text):
    """Convert a dotted version string into a tuple of ints for numeric comparison."""
    return tuple(int(part) for part in text.split("."))


def check_vulnerable_version():
    """
    Check if Remote Desktop Manager version is vulnerable
    Affected versions: 2025.3.24.0 through 2025.3.28.0
    """
    # Simulated version check - in real scenario, parse version from registry or app
    version = "2025.3.26.0"  # Example vulnerable version
    affected_versions = [
        ("2025.3.24.0", "2025.3.28.0")
    ]
    current = parse_version(version)
    for min_ver, max_ver in affected_versions:
        # Compare numerically; comparing the raw strings would mis-order e.g. "2025.3.9.0"
        if parse_version(min_ver) <= current <= parse_version(max_ver):
            return True, version
    return False, version


def exploit_scenario():
    """
    Exploitation scenario for CVE-2026-0747:
    1. Attacker gains physical access or screen viewing capability
    2. Victim opens Remote Desktop Manager and navigates to TeamViewer entry
    3. Password field displays unmasked or partially masked password
    4. Attacker observes and captures the password
    """
    print("[*] CVE-2026-0747 Exploitation Scenario")
    print("[*] Target: Devolutions Remote Desktop Manager TeamViewer Entry Dashboard")
    is_vulnerable, version = check_vulnerable_version()
    if is_vulnerable:
        print(f"[+] Version {version} is VULNERABLE")
        print("[*] Attack vector: Physical observation or screen sharing")
        print("[*] Attack steps:")
        print("   1. Attacker observes victim's screen during password entry")
        print("   2. Password masking fails in TeamViewer dashboard component")
        print("   3. Attacker captures exposed password")
        print("   4. Attacker uses credentials for unauthorized access")
    else:
        print(f"[-] Version {version} is NOT vulnerable")


def capture_exposed_password():
    """
    Simulated password capture - in real scenario would require:
    - Screen capture during password entry
    - OCR analysis of captured screenshots
    - Direct UI inspection via accessibility APIs
    """
    # Prints fixed messages only; nothing is captured or inspected.
    print("[*] Simulating password exposure detection...")
    time.sleep(1)
    print("[!] Password field detected without proper masking")
    print("[!] Exposed password captured")


if __name__ == "__main__":
    exploit_scenario()
    capture_exposed_password()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0747", "sourceIdentifier": "[email protected]", "published": "2026-01-08T20:15:44.927", "lastModified": "2026-01-22T18:14:40.343", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:windows:*:*", "versionStartIncluding": "2025.3.24.0", "versionEndExcluding": "2025.3.29.0", "matchCriteriaId": "7F4399A3-8778-4568-80C0-39E152DBBB9D"}]}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0002/", "source": "[email protected]", "tags": ["Vendor Advisory", "Broken Link"]}]}}