Erez Kalman

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** The RustDesk Client software contains issues related to improperly controlled modification of object prototype attributes ('Prototype Pollution') and the use of a password hash with insufficient computational effort. These issues potentially allow for the retrieval of embedded sensitive data. The problems are associated with program files including `hbb common/src/password security.Rs`, `hbb common/src/config.Rs`, `hbb common/src/lib.Rs` (specifically the `get uuid` routine), and `machine-uid/src/lib.Rs`. The affected program routines include `symmetric crypt()`, `encrypt str or original()`, `decrypt str or original()`, and `get machine id()`. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Server Pro versions through 1.7.5 RustDesk Server (OSS) versions through 1.1.15 **Description** The software contains a flaw related to insufficient restriction of excessive authentication attempts and the use of a password hash with insufficient computational effort, potentially allowing password brute forcing. The issue impacts the peer authentication and API login modules. The vulnerability is linked to code within the `src/server/connection.Rs` file, specifically concerning salt and challenge generation, and the SHA256(SHA256(pwd+salt)+challenge) verification process. **Recommendations** Update RustDesk Server Pro to a version later than 1.7.5. Update RustDesk Server (OSS) to a version later than 1.1.15.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A flaw exists in RustDesk Client on Windows, MacOS, Linux, iOS, Android, and WebClient that allows manipulation of Application API Messages through a Man-in-the-Middle attack. The issue is related to program files `src/hbbs http/sync.Rs` and `hbb common/src/config.Rs`, and the `Strategy` merge loop in `sync.Rs`, as well as the `Config::set options()` routines. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A Cross-Site Request Forgery (CSRF) issue exists in RustDesk Client on Windows, MacOS, Linux, iOS, and Android. This flaw potentially allows for privilege escalation. The issue is related to the Flutter URI scheme handler and FFI bridge modules, specifically within the files `flutter/lib/common.Dart` and `src/flutter ffi.Rs`, and the routines `URI handler for rustdesk://password()` and `bind.MainSetPermanentPassword()`. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** An improper certificate validation issue exists in the RustDesk Client, potentially allowing an Adversary in the Middle (AiTM) attack. The issue is related to the handling of TLS retries and the use of `danger accept invalid certs(true)` within the `http client.Rs` file. This affects the HTTP API client and TLS transport modules on Windows, MacOS, Linux, iOS, and Android. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A cleartext transmission of sensitive information issue exists in RustDesk Client on Windows, MacOS, Linux, iOS, and Android, specifically within the Heartbeat sync loop modules. This allows for potential sniffing attacks. The issue is related to the construction of Heartbeat JSON payloads, including preset address book passwords, within the `src/hbbs http/sync.Rs` file and the `Heartbeat` routine. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Server Pro versions through 1.7.5 **Description** A security issue exists in RustDesk Server Pro related to the transmission of sensitive information in cleartext. The vulnerability is present in the address book sync API modules and allows for potential sniffing attacks. Specifically, the Heartbeat API handler (`heartbeatApiHandler()`) accepts the `preset-address-book-password` parameter in plaintext, exposing it during transmission. This affects the heartbeat sync functionality. **Recommendations** Versions prior to 1.7.6 should be updated.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A missing authorization issue exists in the RustDesk Client on Windows, MacOS, Linux, iOS, and Android. The issue allows manipulation of Application API Messages via a Man-in-the-Middle attack. The vulnerability is related to the flutter/lib/common.Dart program file and the `importConfig()` routine through a URI handler. The vulnerability allows an attacker to silently re-home the client to a server they control. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A flaw exists in RustDesk Client related to insufficient verification of data authenticity and improper handling of exceptional conditions, specifically allowing protocol manipulation. The issue resides within the heartbeat sync loop and strategy processing modules, impacting program files `src/hbbs http/sync.Rs` and the `stop-service` handler routine in the heartbeat loop. This allows for the acceptance of unauthenticated `stop-service` commands via a strategy payload. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A flaw exists in RustDesk Client on Windows, MacOS, Linux, iOS, Android, and WebClient, specifically within the client signaling, API sync loop, and config management modules. This issue allows for privilege abuse and is related to files located in src/rendezvous mediator.Rs and src/hbbs http/sync.Rs, as well as the API sync loop and api-server config handling routines. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Server versions through 1.7.5 RustDesk Server versions through 1.1.15 **Description** A missing authorization and authentication issue exists in the RustDesk Server’s Rendezvous server (hbbs) and relay server (hbbr) modules, potentially allowing privilege abuse. The issue is present in the `src/rendezvous server.rs` and `src/relay server.rs` program files, specifically within the `handle punch hole request()` function and the `RegisterPeer` handler, as well as relay forwarding routines. **Recommendations** Update RustDesk Server to a version later than 1.7.5. Update RustDesk Server to a version later than 1.1.15.

**Name of the Vulnerable Software and Affected Versions** RustDesk Server Pro versions through 1.7.5 **Description** A flaw exists in RustDesk Server Pro related to the use of a broken or risky cryptographic algorithm. This issue impacts Windows, MacOS, and Linux systems, specifically within the configuration string generation and web console export modules. The issue allows for the retrieval of embedded sensitive data through program routines related to configuration export and generation. **Recommendations** Update RustDesk Server Pro to a version later than 1.7.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A flaw exists in the cryptographic implementation of RustDesk Client that could allow retrieval of embedded sensitive data. The issue is related to program files `flutter/lib/common.Dart` and `hbb common/src/config.Rs`, and program routines `parseRustdeskUri()` and `importConfig()`. The vulnerability affects Windows, MacOS, Linux, iOS, Android, and WebClient components, specifically during configuration import, URI scheme handling, and through CLI `--config` modules. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** RustDesk Client versions through 1.4.5 **Description** A flaw exists in RustDesk Client that allows for authentication bypass through capture-replay attacks and the use of a password hash with insufficient computational effort. This impacts the client login and peer authentication modules. The issue stems from the reuse of session IDs, also known as session replay. The vulnerability is related to files within the `src/client.Rs` directory and routines such as `hash password()` and login proof construction. **Recommendations** Update RustDesk Client to a version later than 1.4.5.

Name of the Vulnerable Software and Affected Versions: ArcGIS (affected versions not specified) Description: The ArcGIS client credentials OAuth 2.0 API implementation does not adhere to the RFC/standards, allowing a requestor to request an undocumented, custom token expiration from ArcGIS. This hidden functionality enables privilege abuse, manipulating hidden fields, and configuration/environment manipulation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Documenso versions through 1.8.0 Documenso SaaS (Hosted) as of 2024-12-05 Description: The issue is related to the User Interface (UI) Misrepresentation of Critical Information in Documenso, allowing Content Spoofing. The displayed version does not show the layer flattened version. When printed, it will render the vulnerability only, and not all layers are flattened. This can be exploited to conduct spoofing attacks. Recommendations: For Documenso versions through 1.8.0: Update to a version that addresses the UI Misrepresentation issue to prevent Content Spoofing. For Documenso SaaS (Hosted) as of 2024-12-05: Contact the service provider for an update or patch that resolves the UI Misrepresentation vulnerability. As a temporary workaround, consider avoiding the use of the affected UI functionality until a patch is available. Restrict access to sensitive documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DropBox Sign(HelloSign) versions through 2024-12-04 **Description** The issue is related to a User Interface (UI) Misrepresentation of Critical Information vulnerability, allowing Content Spoofing. The displayed version does not show the layer flattened version. When printed, for example via Google Chrome by examining the print preview, it will render the vulnerability only, and not all layers are flattened. **Recommendations** For DropBox Sign(HelloSign) versions through 2024-12-04: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DocuSign versions through 2024-12-04 **Description** The issue concerns a User Interface (UI) Misrepresentation of Critical Information vulnerability that allows Content Spoofing. Specifically, the SaaS AI assistant ignores hidden content that is rendered after signing, which can mislead the user. **Recommendations** For DocuSign versions through 2024-12-04, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DocuSign versions through 2024-12-04 **Description** The issue is related to a User Interface (UI) Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not accurately represent the actual content, specifically when using the "Print" option, combined download option, or uncombined download option. The vulnerability can be observed when printing the document, for example, via Google Chrome's print preview, where only the vulnerable content is rendered, and not all layers are flattened. **Recommendations** For DocuSign versions through 2024-12-04, update to a version released after 2024-12-04 to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DocuSeal versions through 1.8.1 **Description** The issue is related to a User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal, allowing Content Spoofing. This means that the displayed version of a document does not accurately show the layer flattened version. When the document is downloaded and printed, for example via Google Chrome's print preview, it will render the vulnerability, but not all layers are flattened. **Recommendations** For versions through 1.8.1, update to a version that addresses this issue to prevent Content Spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.