CVE-2026-30790
Received Received - Intake

Brute Force Vulnerability in RustDesk Server Authentication Modules

Vulnerability report for CVE-2026-30790, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-05

Last updated on: 2026-06-22

Assigner: VULSec Labs

Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-05
Last Modified
2026-06-22
Generated
2026-07-06
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-22
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
rustdesk rustdesk_server to 1.7.5 (inc)
rustdesk rustdesk_server to 1.1.15 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can allow attackers to perform password brute forcing attacks on RustDesk Server Pro and RustDesk Server (OSS), potentially gaining unauthorized access to remote desktop sessions or administrative functions. Successful exploitation could lead to compromise of sensitive data, unauthorized control over remote systems, and disruption of services.

Compliance Impact

I don't know

Executive Summary

CVE-2026-30790 is a vulnerability in RustDesk Server Pro and RustDesk Server (OSS) that allows password brute forcing due to improper restriction of excessive authentication attempts and the use of password hashing with insufficient computational effort. This affects the peer authentication and API login modules on Windows, MacOS, and Linux platforms. The vulnerability involves weak password hashing and inadequate challenge-response verification mechanisms, making it easier for attackers to guess passwords through repeated attempts.

Detection Guidance

This vulnerability involves improper restriction of excessive authentication attempts and use of password hashes with insufficient computational effort, allowing password brute forcing on RustDesk Server Pro and RustDesk Server (OSS). Detection would involve monitoring for repeated failed authentication attempts on the peer authentication and API login modules.

Since the vulnerability relates to brute force attacks, you can detect it by analyzing authentication logs for multiple failed login attempts from the same IP or user.

  • Use system or application logs to identify repeated failed login attempts.
  • On Linux systems, commands like `grep 'failed' /var/log/auth.log` or `journalctl -u rustdesk-server` (if applicable) can help find authentication failures.
  • Network monitoring tools can be used to detect unusual authentication traffic patterns targeting the RustDesk server ports.
Mitigation Strategies

Immediate mitigation steps include limiting authentication attempts to prevent brute force attacks and updating the RustDesk Server Pro and RustDesk Server (OSS) to versions beyond those affected (i.e., versions later than 1.7.5 for Pro and 1.1.15 for OSS).

Additional measures include implementing stronger password policies, enabling account lockout mechanisms, and monitoring authentication logs for suspicious activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30790. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart