Impact
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142‑byte static key array to encrypt credentials. An 8‑character prefix is stored in cleartext next to the ciphertext. This flaw lets an attacker with local access recover any stored password to plaintext using a single SHA‑1 hash and an RC4 decryption operation, with no brute‑force effort required.
Affected Systems
The affected products are Lansweeper lsrunase 2.0 and lsencrypt 2.0, as referenced in the advisory sources. No further vendor or version details are available beyond the version numbers provided.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The exploit can be carried out by any local user who has read access to the credentials file. Only a single SHA‑1 hash compute and RC4 decryption are needed, which can be performed in milliseconds, so the attack is trivial for a local attacker. The EPSS score is below 1%, indicating a very low probability that a non‑commercial attack will occur in the near term, and the vulnerability is not listed in the CISA KEV catalog. However, successful exposure of passwords could still allow further privilege escalation or unauthorized access.
OpenCVE Enrichment