5.5
/ 10
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Description
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
Basic Information
ID
CVE-2026-39031
Source
mitre
Published
Jun 26, 2026 at 00:00
Modified
Jun 29, 2026 at 13:37
Affected Product
Vendor
n/a
Product
n/a
Version
n/a
Affected Versions
n/a n/a n/a