Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4...
Moderate severity
Unreviewed
Published
Jun 26, 2026
to the GitHub Advisory Database
•
Updated Jun 29, 2026
Description
Published by the National Vulnerability Database
Jun 26, 2026
Published to the GitHub Advisory Database
Jun 26, 2026
Last updated
Jun 29, 2026
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
References