The vulnerability in RustDesk Client allows an adversary to generate authentication proofs without a client‑side nonce, thereby enabling session replay attacks. An attacker who captures a valid session identifier can reuse it to bypass authentication and gain authorized access to a RustDesk session. This represents a critical failure in the credential proof mechanism, corresponding to weaknesses that allow replay or reuse of authentication data (CWE‑294) and the lack of protective measures for cryptographic material (CWE‑916). The impact is the ability to impersonate a legitimate client or peer and possibly execute actions within the remote session without any additional credentials.

RustDesk Client versions up to and including 1.4.5 on all supported platforms—Windows, macOS, Linux, iOS, Android, and the web client—are affected. All installations of these platforms using the client login or peer authentication modules are vulnerable.

The CVSS score of 9.3 classifies this flaw as critical, and the EPSS score of <1% indicates a low estimated probability of exploitation, though the actual risk remains high due to the severe impact of credential bypass. The vulnerability is not listed in CISA’s KEV catalog. exploitation typically requires the attacker to obtain a valid session identifier, likely through network eavesdropping or a man‑in‑the‑middle position. Once the session ID is captured, the attacker can replay the authentication proof unopposed, gaining authorized access. The vendor’s recommended fix—adding a client‑side nonce and adopting SRP—directly addresses the root cause, while the workaround of enforcing long passwords and enabling two‑factor authentication raises the barrier for successful attacks until a patch is deployed.