RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

How real software downloads can hide remote backdoors

It starts with a simple search. You need to set up remote access to a colleague’s computer. You do a Google search for “RustDesk download,” click one of the top results, and land on a polished website with documentation, downloads, and familiar branding. You install the software, launch it, and...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

RustDesk Self-Host Server Installed (Windows)

Binary data rustdeskselfhostingserverwininstalled.nbin...

RustDesk Self-Host Server (Linux)

Binary data rustdeskselfhostingserverlinuxinstalled.nbin...

RustDesk Installed (macOS)

Binary data rustdeskmacosinstalled.nbin...

RustDesk Installed (Windows)

Binary data rustdeskwininstalled.nbin...

RustDesk Installed (Linux)

Binary data rustdesklinuxinstalled.nbin...

RustDesk API Admin Detected

RustDesk is a remote access and control software that enables management of computers and other devices. RustDesk API Admin is a RESTful API allowing automation and integration of RustDesk functionality into other systems. By levegaring this service, a remote and unauthenticated attacker could us...

RustDesk API Admin Registration Enabled

RustDesk is a remote access and control software that enables management of computers and other devices. RustDesk API Admin is a RESTful API allowing automation and integration of RustDesk functionality into other systems. The registration is enabled on the target API Admin interface, allowing a...

RustDesk Console Detected

RustDesk is a mote access and control software that enables management of computers and other devices. RustDesk server Pro embeds a web console allowing users to browse devices and perform configuration modification on the application. By leveraging this, a remote and unauthenticated attacker cou...

RustDesk Console Default Credentials

RustDesk is a mote access and control software that enables management of computers and other devices. RustDesk server Pro embeds a web console allowing users to browse devices and perform configuration modification on the application. A remote and unauthenticated attacker can use the default...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

Default configuration

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

PT-2024-20774 · Rustdesk · Rustdesk

Name of the Vulnerable Software and Affected Versions: RustDesk version 1.2.3 Description: A default installation of RustDesk on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing, valid from 2023 until 2033. This is...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

RustDesk Security Breach

RustDesk is a remote access and remote control software, mainly written in Rust, to remotely maintain computers and other devices. A security vulnerability exists in RustDesk version 1.2.3, which stems from the lack of public documentation on private key security measures...

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

CVE-2024-25140

CVE-2024-25140 affects RustDesk 1.2.3 on Windows. A default install places a WDKTestCert in Trusted Root Certification Authorities with EKU Code Signing (1.3.6.1.5.5.7.3.3), valid 2023–2033. This was intended behavior per vendor note, using a test certificate due to lack of EV cert, raising conce...