CVE-2026-39031
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
The vulnerability in Lansweeper lsrunase 2.0 and lsencrypt 2.0 uses RC4 encryption with a hardcoded 142-byte static key. An 8-character prefix is stored in cleartext alongside the ciphertext, allowing a local attacker to recover any encrypted password to plaintext without brute force.
Risk Assessment
The organization is at risk of credential exposure, as any user with local access can decrypt stored passwords, potentially leading to unauthorized access to systems and data.
Recommendation
Immediately update Lansweeper lsrunase and lsencrypt to versions that do not use a static RC4 key, or implement alternative secure password storage methods.
Original NVD description (English source)
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.

