CVE 5.5 MEDIUM

CVE-2026-39031_CVE-2026-39031

5.5 / 10
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.

Basic Information

ID CVE-2026-39031
Source mitre
Published Jun 26, 2026 at 00:00
Modified Jun 29, 2026 at 13:37

Affected Product

Vendor n/a
Product n/a
Version n/a
Affected Versions n/a n/a n/a

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.