Allow disabling "Devolutions Send" to stop disproportionately simple mass exfiltration of passwords

Implemented


0 vote


On March 5th, 2024 (version 2024.1.5.1), the password sharing service "Devolutions Send" was added to Remote Desktop Manager.

In short, it is a service that allows you to share passwords from your datasource with users who do not have access to this datasource. It is a good alternative to emails and chats, as Devolutions Send uses end-to-end encryption, but there is a major caveat:

It is enabled by default and can't be turned off.


We don't know how Devolutions did not see the potential to use this as a mass exfiltration tool for malicious users, and their support team leader told us we're the first and only customer to mention this, and we should therefore create a feature request... A feature request for a fundamental safety precaution... alongside 3900 other feature requests (130 pages with 30 posts each) that have been lying around here for 15 years. It's wonderful to see what kind of service you get as a paying customer.



The only workaround they've provided is revoking the "View Password" permission for all users, which makes copying and using a password outside of the RDM impossible. It would be a trivial fix to introduce a database-level setting to control Devolutions Send or to introduce a new permission.


All Comments (2)


Hello,

Thank you for reporting this issue.

We have notified the development team about this issue and will be addressing it as a high priority.

If you are using Devolutions Server, there is already an option to disable this feature, but it isn't handled properly by RDM. This will be corrected.
If you are using SQL, a system setting will be implemented to disable the feature.

Regards,

Mathieu Morrissette


Hello,

I have received news from the development team.

They have implemented a system setting and a GPO policy to disable Devolutions Send.
It will be available in the next Remote Desktop Manager release (2024.1.26).

Best regards,

Mathieu Morrissette