RustDesk Server Password Brute Forcing Vulnerability
Vulnerability
A vulnerability allowing password brute forcing has been identified in RustDesk Server Pro and RustDesk Server (OSS) versions through 1.7.5 and 1.1.15, respectively. This issue arises from an improper restriction of excessive authentication attempts in the peer authentication and API login modules across Windows, macOS, and Linux. The vulnerability is rooted in the server's password hashing mechanism, which uses SHA256 with insufficient computational effort, allowing for rapid guessing of passwords.
Impact
Exploitation of this vulnerability allows for successful brute force attacks on user passwords, potentially leading to unauthorized access.
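The two weaknesses described above (unrestricted authentication attempts and a fast SHA256 password hash) map to two server-side controls, shown here as an added example that is not RustDesk code. All names, the PBKDF2 work factor, the failure limit and the lockout window are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
MAX_FAILURES = 5       # assumed failure limit before lockout
LOCKOUT_SECONDS = 300  # assumed lockout window

def make_record(password, iterations=ITERATIONS):
    """Return (salt, iterations, digest) to store instead of a bare SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def check_record(record, password):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

# Constructed placeholder record so unknown accounts cost the same work.
DUMMY = make_record("constructed-placeholder")

class Throttle:
    """Counts failures per (account, source) and locks out after the limit."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}  # key -> (failure count, locked-until timestamp)

    def locked(self, key):
        return self.clock() < self.state.get(key, (0, 0.0))[1]

    def record(self, key, success):
        if success:
            self.state.pop(key, None)  # a successful login clears the counter
            return
        count = self.state.get(key, (0, 0.0))[0] + 1
        until = self.clock() + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.state[key] = (count, until)

def login(throttle, store, user, password, source):
    key = (user, source)
    if throttle.locked(key):
        return "locked"  # rejected before any hashing work is spent
    ok = check_record(store.get(user, DUMMY), password) and user in store
    throttle.record(key, ok)
    return "ok" if ok else "denied"
```

Keying the counter on (account, source) limits one client; a deployment that also needs to bound guesses spread across many sources would add a per-account counter as well.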
