Known vuln RustDesk

fdroidiordf · June 24, 2022, 2:02pm

It seems like RustDesk has an known vulnerability in e2ee.

github.com/rustdesk/rustdesk

secure

opened 03:33AM - 10 Sep 21 UTC

closed 08:16AM - 30 Jul 22 UTC

lbl8603

question

[感谢你们开源这一作品，同时我也希望它能更好。接着昨天提出的中间人攻击的问题[https://github.com/rustdesk/rustdesk/issu…es/223](https://github.com/rustdesk/rustdesk/issues/223) 我进一步证实了自己的想法，如下图所示，客户端显示的是加密中继连接，并且客户端没有察觉到异常，可是中间人却已经将传输的数据解密了 ![2](https://user-images.githubusercontent.com/49143209/132795048-9c160952-1408-4025-8b8b-19b1b1e71475.jpg)， ![image](https://user-images.githubusercontent.com/49143209/132795305-1d6c58d1-ec9a-4f35-8ef0-45da07e8c449.png)

If you translate it step-by-step with Deepl you will see they seem to talk about decrypting data that should be end to end encrypted using a server RustDesk using for communicating.

Or did I (or Deepl) misunderstood something?

linsui · June 25, 2022, 3:50pm

You didn’t misunderstand it. But I don’t know what it mean. I guess there is no problem if you use your own relay server.

fdroidiordf · June 25, 2022, 4:28pm

Maybe. But most users will just download the app and use it. Without setting up their own server. And in my opinion, a working e2ee should be default for such an important task.
https://rustdesk.com/ :

Security

End-to-end encryption.

Maybe someone could check this problem and add “known vulnerability” to the description of the app?

system · August 24, 2022, 4:29pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.