9.8
CVE-2026-30790
- EPSS 0.11%
- Veröffentlicht 05.03.2026 15:49:15
- Zuletzt bearbeitet 25.03.2026 15:43:09
- Quelle 2fdefc65-d750-4b8d-96ee-6e2c0c
- CVE-Watchlists
- Unerledigt
LoginImproper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rustdesk ≫ Rustdesk Server SwEditionpro Version <= 1.7.5
Rustdesk ≫ Rustdesk Server SwEditionoss Version <= 1.1.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.295 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.