CVE-2026-30785
Prototype Pollution and Weak Password Hash in RustDesk Client
Publication date: 2026-03-05
Last updated on: 2026-03-25
Assigner: VULSec Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustdesk | rustdesk | up to 1.4.5 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |
| CWE-1321 | The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. |
| CWE-323 | Nonces should be used for the present occasion and only once. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Improperly Controlled Modification of Object Prototype Attributes, also known as 'Prototype Pollution', combined with the use of password hashes that require insufficient computational effort. It affects the RustDesk Client software up to version 1.4.5 on Windows, macOS, and Linux platforms. The issue lies within several program files related to password security, configuration encryption, and machine unique identifiers. Due to these weaknesses, an attacker could retrieve embedded sensitive data from the affected modules.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized retrieval of sensitive data such as permanent passwords and machine IDs. Since passwords may be stored or transmitted with insufficient protection, attackers could potentially access or manipulate these credentials. This compromises the security of remote control sessions and system configurations, potentially allowing unauthorized access or control over affected machines.
Additionally, attempts to automate or manage RustDesk installations securely are hindered because encrypted passwords and IDs are tied to machine-specific identifiers, making it difficult to transfer or replicate encrypted credentials across devices.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking how RustDesk stores and handles passwords and computer IDs on your system.

On Linux systems, you can inspect the RustDesk configuration file located at ~/.config/rustdesk/RustDesk.toml to see if the 'enc_id' parameter and passwords are stored encrypted or in plain text.

RustDesk provides command line arguments to interact with passwords and IDs, such as `--password` to set a password and `--get-id` to retrieve the computer ID. However, these commands require a graphical environment to run and will fail in headless terminals.

- Check the RustDesk configuration file for unencrypted passwords or IDs: `cat ~/.config/rustdesk/RustDesk.toml`
- Attempt to retrieve the computer ID using RustDesk with GUI: `rustdesk --get-id`
- Set a password via command line for testing: `rustdesk --password randompassword` (requires GUI)

Note that no definitive commands or automated detection tools are provided to detect the vulnerability directly, and attempts to run these commands without a graphical interface will result in errors. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that passwords and computer IDs are stored encrypted rather than in plain text.

Use RustDesk's updated handling of passwords and IDs, which hashes or encrypts these values in the configuration files.

Avoid storing plain text passwords in software distribution directories or configuration files accessible to other users.

- Set passwords via the RustDesk command line argument `--password` rather than manually editing configuration files.
- Use the `--get-id` command to retrieve the computer ID securely when needed.

Consider requesting or implementing features that allow setting already encrypted passwords via command line or environment variables to avoid exposure of plain text passwords. [1, 2]