CVE-2026-30789
CRIT 9.8Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction.
This issue affects RustDesk Client: through 1.4.5.
Affected Applications in Environment
19
Rustdesk
v1.2.3+39
1 device
Rustdesk
v1.4.5
6 devices
Rustdesk
v1.4.0+58
2 devices
Rustdesk
v1.3.9 (57)
1 device
Rustdesk
v1.4.4 (62)
1 device
Rustdesk
v1.4.2+60
1 device
Rustdesk
v1.4.3
1 device
Rustdesk
v1.4.5+63
11 devices
Rustdesk
v1.4.1
7 devices
Rustdesk
v1.2.3
1 device
Rustdesk
v1.4.1+59
7 devices
Rustdesk
v1.4.4+62
1 device
Rustdesk
v1.4.2 (60)
1 device
Rustdesk
v1.4.0.29119187
2 devices
Rustdesk
v1.3.1.28780709
1 device
Rustdesk
v1.3.1+47
1 device
Rustdesk
v1.4.2
1 device
Rustdesk
v1.4.4.29392109
1 device
Rustdesk
v1.4.3+60
1 device
Affected Devices
24
DESKTOP-5KVOR71
Windows
DESKTOP-AASJHC2
Windows
DESKTOP-EILTT2N
Windows
DESKTOP-UUT4C45
Windows
DPCPD-BK7WZF2
Windows
DPEMAE-7242KKC
Windows
DPENGR-L1283ZDM
Windows
DPHSNG-LEDBYOEM
Windows
DPINFT-02609239
Windows
DPINFT-6P663188
Windows
DPINFT-810B00F
Windows
DPINFT-PF1TA1PH
Windows
HDTS171858
Windows
HTTS171501
Windows
LGN-HH-220
Windows
LGN-LIB-302
Windows
LGN-LIB-411
Windows
LOGAN-VSB-219
Windows
NCH-194817
Windows
SETHVM
Windows
SILK
Windows
a00014956-R7HQ9T146L
Mac
a00344774-D64VY7FMP7
Mac
a00523751-JYGQVF06HR
Mac