RustDesk Client Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

A vulnerability in the RustDesk Client across multiple platforms, including Windows, MacOS, Linux, iOS, and Android, allows for sniffing attacks due to the cleartext transmission of sensitive information. This issue is present in versions through 1.4.5 and is related to the Heartbeat sync loop modules, specifically in the construction of Heartbeat JSON payloads that include the preset address book password.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of sensitive information being transmitted by the RustDesk Client.

Added: Mar 5, 2026, 4:26 PM

Updated: Mar 5, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.1

remediation

0.0

relevance

3.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

7.1

remediation

0.0

relevance

3.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RustDesk Client Cleartext Transmission of Sensitive Information Vulnerability

Vulnerability

Impact

Affected Products

RustDesk Client

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating