RustDesk
cpe:2.3:a:rustdesk:rustdesk:*:*:*:*:*:*:*
- <= 1.4.5
A vulnerability in RustDesk Client versions through 1.4.5 on Windows, macOS, and Linux allows for prototype pollution, leading to the improper modification of object prototype attributes. This issue, related to the password security, config encryption, and machine UID modules, enables the retrieval of embedded sensitive data. The vulnerability arises from the way passwords and IDs are handled in the user settings file, which can be accessed in plain text.
Exploitation of this vulnerability could result in unauthorized access to sensitive data, including passwords and machine IDs, which are stored in an unencrypted format and can be easily read by users.
The vulnerability can be reproduced by installing RustDesk Client on a Windows, macOS, or Linux machine. After installation, the permanent password and ID are stored in plain text in the user settings file. This file can be accessed and read by any user, exposing sensitive information. Additionally, the encrypted password and ID from a test installation cannot be transferred to another installation, suggesting that a unique machine identifier is used in the encryption process.