NIXPKGS-2026-0555

GitHub issue published on 7 Mar 2026

Permalink CVE-2026-30790

updated 1 week ago by @mweinelt Activity log

Created automatic suggestion 1 week, 2 days ago
@mweinelt accepted 1 week ago
@mweinelt published on GitHub 1 week ago

RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Peer authentication, API login modules), rustdesk-server RustDesk Server (OSS) rustdesk-server on Windows, MacOS, Linux (Peer authentication, API login modules) allows Password Brute Forcing. This vulnerability is associated with program files src/server/connection.Rs and program routines Salt/challenge generation, SHA256(SHA256(pwd+salt)+challenge) verification. This issue affects RustDesk Server Pro: through 1.7.5; RustDesk Server (OSS): through 1.1.15.

References

https://github.com/rustdesk product
https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub exploit third-party-advisory
https://www.vulsec.org/ vdb-entry third-party-advisory

Affected products

rustdesk-server

=<1.1.15

rustdesk-server-pro

=<1.7.5

Matching in nixpkgs

pkgs.rustdesk-server

RustDesk Server Program

nixos-unstable 1.1.14
- nixpkgs-unstable 1.1.14
- nixos-unstable-small 1.1.14
nixos-25.11 1.1.14
- nixos-25.11-small 1.1.14
- nixpkgs-25.11-darwin 1.1.14

Package maintainers

@gaelreyrol Gaël Reyrol <me@gaelreyrol.dev>
@tjni Theodore Ni <43ngvg@masqt.com>

Advisory: https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0555

References

Affected products

Matching in nixpkgs

pkgs.rustdesk-server

Package maintainers