Allow password-less access in Pro version

[andrewheberle]

When using the Pro version and creating a custom client, it is possible to preset the password and block access to settings, however this shows a scary warning to the user in the client which does not look good in a corporate environment.

It would be good to allow access without a password for members of a particular group with an extra option in the custom client builder to allow this access, or extra option via a Strategy to allow this.

The use case for this would be having some IT staff to have unattended access to users desktops based on their group membership but maybe other IT support staff would still require acceptance of the session via password or via click.

I had originally added this as a discussion item in the rustdesk/rustdesk repo but this is probably a more appropriate location.

[rustdesk]

Apologize, we can not loose this limit for the time being. I know all your concerns, but it is not enough to convince me to lose it for preventing scamming or potential vulnerability (I know you may say this is ridiculous, but we do live in a ridiculous world). This is also why we do not add password preset in strategy, https://www.reddit.com/r/rustdesk/comments/1bqg7p8/device_password_management/
#222.

Anyway, any discussions are welcome.

[andrewheberle]

I am wanting to understand how you see this being used for scamming users?

Is the attack based on tricking a user into installing a customized client that has this option set which then allows the bad actor onto the system?

In this case the bad actor must purchase a RustDesk Pro license, run their own server and distribute the customised client to their targets and convince them to run or install it...or is there another scenario you are concerned about?

[rustdesk]

This is a good suggestion, https://github.com/rustdesk/rustdesk/discussions/8573#discussioncomment-9938635

[andrewheberle]

That would be very good to have.

If the client is a custom generated client and the remote end is logged in then bypassing the password (if configured of course) would be great.

Maybe this can be limited to only some users by a group?

[rustdesk]

Close and lock to favor #286 (comment)