Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RustDesk 安全漏洞
Vulnerability Description
RustDesk是一款远程访问和远程控制软件,主要由 Rust 编写,可以远程维护计算机和其他设备。 RustDesk 1.2.3版本存在安全漏洞,该漏洞源于没有关于私钥安全措施的公开文档。
CVSS Information
N/A
Vulnerability Type
N/A