Description

Improper Restriction of Excessive Authentication Attempts and Use of Password Hash With Insufficient Computational Effort vulnerabilities in RustDesk Server Pro (rustdesk-server-pro) and RustDesk Server (OSS) (rustdesk-server) on Windows, macOS and Linux, in the peer authentication and API login modules, allow password brute forcing. The vulnerability is associated with the program file src/server/connection.rs and the program routines for salt/challenge generation and SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro through 1.7.5 and RustDesk Server (OSS) through 1.1.15.

PUBLISHED | Reserved 2026-03-05 | Published 2026-03-05 | Updated 2026-03-05 | Assigner VULSec

CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

CWE-916 Use of Password Hash With Insufficient Computational Effort

Product status

Default status: affected
Any version: affected

Default status: unaffected
Any version: affected

Credits

Erez Kalman (finder)

Erez Kalman (reporter)

References

github.com/rustdesk (product)

cve.org (CVE-2026-30790)

nvd.nist.gov (CVE-2026-30790)
