RustDesk Client Authentication Bypass Vulnerability Allowing Session Replay

Vulnerability

An authentication bypass vulnerability has been identified in RustDesk Client versions through 1.4.5, across multiple platforms including Windows, macOS, Linux, iOS, and Android. This vulnerability allows for session replay by reusing session IDs, which can be exploited in the client login and peer authentication modules. The issue arises from the way passwords are hashed and how login proofs are constructed, enabling capture-replay attacks.

Impact

Exploitation of this vulnerability allows for authentication bypass by capturing and reusing session IDs, potentially leading to unauthorized access or actions within the application.

Added: Mar 5, 2026, 4:27 PM

Updated: Mar 5, 2026, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

5.4

remediation

0.0

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

5.4

remediation

0.0

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RustDesk Client Authentication Bypass Vulnerability Allowing Session Replay

Vulnerability

Impact

Affected Products

RustDesk Client

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating