CVE-2023-30367: mRemoteNG versions up to v1.76.20 and 1.77.3-dev expose sensitive information in memory, allowing attackers to extract plaintext credentials from memory dumps even when configuration files are encrypted.


Description Preview

Multi-Remote Next Generation Connection Manager (mRemoteNG) suffers from a critical security vulnerability (CVE-2023-30367) that exposes sensitive information in memory. The application loads configuration files in plaintext into memory at startup, even when these files are encrypted on disk and before any connections are established. This vulnerability allows attackers with access to the system's memory to dump and extract credentials and connection information, effectively bypassing the encryption protection. The issue is particularly severe when users haven't set a custom password encryption key, as it exposes all stored credentials to potential attackers through memory analysis techniques.

Overview

mRemoteNG is a popular open-source remote connection manager that supports multiple protocols and allows users to store connection configurations securely. The vulnerability (CWE-312: Cleartext Storage of Sensitive Information) affects versions up to v1.76.20 and 1.77.3-dev. When the application starts, it decrypts all stored connection configurations and loads them into memory in plaintext, regardless of whether connections are being used. This creates a security risk as an attacker with sufficient privileges to access the process memory can extract all connection credentials, including usernames, passwords, and other sensitive information. Even when users have enabled configuration file encryption, the data becomes vulnerable once loaded into memory, effectively nullifying the disk encryption protection.

Remediation

Users of mRemoteNG should take the following actions:

  1. Upgrade to the latest version of mRemoteNG that addresses this vulnerability
  2. Always use a strong custom encryption key for your configuration files
  3. Consider implementing additional access controls to limit who can access the system where mRemoteNG is running
  4. Monitor for unauthorized memory dump attempts on systems running mRemoteNG
  5. Consider using a password manager with better memory protection instead of storing credentials in mRemoteNG
  6. If upgrading is not immediately possible, close mRemoteNG when not actively using it to minimize the exposure window
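For remediation item 4, one way to watch for memory reads against the mRemoteNG process is to filter Sysmon ProcessAccess events (Event ID 10) for handles that include the `PROCESS_VM_READ` right. The following is an added example, not code from the advisory or the mRemoteNG project; it assumes Sysmon ProcessAccess logging is enabled and exported as JSON lines, that the process image is named `mRemoteNG.exe`, and it uses a hypothetical allowlist entry and constructed sample events.

```python
import json
import ntpath

PROCESS_VM_READ = 0x0010       # Windows access right required to read another process's memory
TARGET_NAME = "mremoteng.exe"  # assumed image name of the mRemoteNG process (compared lowercased)
# Hypothetical allowlist: software expected to read process memory on this host.
ALLOWED_SOURCES = {r"c:\program files\exampleedr\agent.exe"}

# Constructed sample records shaped like Sysmon Event ID 10 (ProcessAccess), one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 10, "UtcTime": "2023-08-01 09:14:02.113", "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Program Files (x86)\\mRemoteNG\\mRemoteNG.exe", "GrantedAccess": "0x1000"}
{"EventID": 10, "UtcTime": "2023-08-01 09:20:47.530", "SourceImage": "C:\\Users\\Public\\unknown.exe", "TargetImage": "C:\\Program Files (x86)\\mRemoteNG\\mRemoteNG.exe", "GrantedAccess": "0x1410"}
{"EventID": 10, "UtcTime": "2023-08-01 09:21:10.004", "SourceImage": "C:\\Program Files\\ExampleEDR\\agent.exe", "TargetImage": "C:\\Program Files (x86)\\mRemoteNG\\mRemoteNG.exe", "GrantedAccess": "0x1fffff"}
{"EventID": 10, "UtcTime": "2023-08-01 09:22:33.871", "SourceImage": "C:\\Users\\Public\\unknown.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1410"}
this line is not JSON and must be skipped
"""


def suspicious_reads(lines):
    """Return (time, source image, access mask) for each event in which a
    non-allowlisted process opened mRemoteNG with memory-read rights."""
    hits = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            access = int(ev["GrantedAccess"], 16)
            target = ntpath.basename(ev["TargetImage"]).lower()
            source = ev["SourceImage"].lower()
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the run
        if ev.get("EventID") != 10 or target != TARGET_NAME:
            continue
        # Flag only handles that can actually read memory and whose owner is not expected.
        if access & PROCESS_VM_READ and source not in ALLOWED_SOURCES:
            hits.append((ev.get("UtcTime"), ev["SourceImage"], hex(access)))
    return hits


if __name__ == "__main__":
    for when, source, mask in suspicious_reads(SAMPLE_EVENTS):
        print(f"{when}  {source} opened mRemoteNG with access {mask}")
```

The allowlist needs tuning per environment, since endpoint protection and backup agents routinely open other processes with read access.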

References

  1. Packet Storm Security Advisory: http://packetstormsecurity.com/files/173829/mRemoteNG-1.77.3.1784-NB-Sensitive-Information-Extraction.html
  2. GitHub Issue Tracking: https://github.com/mRemoteNG/mRemoteNG/issues/2420
  3. Proof of Concept Exploit: https://github.com/S1lkys/CVE-2023-30367-mRemoteNG-password-dumper
  4. Secuvera Security Advisory: https://www.secuvera.de/advisories/secuvera-SA-2023-01.txt

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Public Administration
  3. Transportation & Warehousing
  4. Health Care & Social Assistance
  5. Management of Companies & Enterprises
  6. Finance and Insurance
  7. Arts, Entertainment & Recreation
  8. Professional, Scientific, & Technical Services
  9. Retail Trade
  10. Utilities
  11. Wholesale Trade
  12. Accommodation & Food Services
  13. Administrative, Support, Waste Management & Remediation Services
  14. Agriculture, Forestry Fishing & Hunting
  15. Construction
  16. Educational Services
  17. Information
  18. Mining
  19. Other Services (except Public Administration)
  20. Real Estate Rental & Leasing
