RustDesk Client Cryptographic Vulnerability Allowing Retrieval of Embedded Sensitive Data

Vulnerability

A vulnerability in the RustDesk Client across multiple platforms, including Windows, macOS, Linux, iOS, Android, and WebClient, allows for the retrieval of embedded sensitive data due to the use of a broken or risky cryptographic algorithm. This issue affects RustDesk Client versions through 1.4.5 and is associated with specific program files and routines that handle configuration imports and URI scheme parsing.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data embedded within the application.

Reproduction

The vulnerability can be reproduced by importing a configuration file that contains sensitive data into the RustDesk Client using the command-line interface with the '--import-config' option. Alternatively, the '--config' option can be used to manually set up the client with an encrypted configuration string obtained from RustDesk Server Pro, which also includes sensitive data.

Added: Mar 5, 2026, 3:18 PM
Updated: Mar 5, 2026, 3:18 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 6.7
remediation: 0.0
relevance: 3.5
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.