Potential Trust Issue in RustDesk by RustDesk Technologies
CVE-2024-25140
9.8CRITICAL
What is CVE-2024-25140?
A default installation of RustDesk version 1.2.3 on Windows includes a WDKTestCert certificate within the Trusted Root Certification Authorities that is intended for code signing. This certificate, valid until 2033, raises concerns especially given the lack of publicly documented security measures regarding the private key's protection. If this private key is compromised, it could allow unauthorized users to sign arbitrary software, creating significant security vulnerabilities. The vendor has noted the use of this test certificate as a workaround due to the absence of an Extended Validation (EV) certificate, with the user interface of RustDesk clearly indicating this installation step during the setup process.
