GHSA-9qf7-q6gx-q652CriticalCVSS 9.8

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational...

Published
March 5, 2026
Last Modified
June 22, 2026

🔗 CVE IDs covered (1)

📋 Description

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.

This issue affects RustDesk Client: through 1.4.5.

🔗 References (5)