CVE-2026-30789
Received Received - Intake
Authentication Bypass via Session Replay in RustDesk Client

Publication date: 2026-03-05

Last updated on: 2026-03-25

Assigner: VULSec Labs

Description
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-25
Generated
2026-05-07
AI Q&A
2026-03-05
EPSS Evaluated
2026-05-05
NVD
CVE-2026-30789
EUVD
EUVD-2026-9834
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rustdesk rustdesk to 1.4.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the RustDesk Client involves an authentication bypass through capture-replay attacks. Specifically, it allows an attacker to reuse session IDs, also known as session replay, to bypass authentication mechanisms. The issue is related to the use of password hashes with insufficient computational effort, affecting the client login and peer authentication modules across multiple platforms including Windows, MacOS, Linux, iOS, and Android.


How can this vulnerability impact me? :

This vulnerability can have a severe impact as it allows attackers to bypass authentication without needing valid credentials by reusing session IDs. This could lead to unauthorized access to user accounts or systems, potentially exposing sensitive data or allowing malicious actions within the affected RustDesk Client environments.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart