Xtreme RAT contains a flaw that is due to the program only allowing the use of digits for passwords. This limits the potential complexity passwords, allowing remote attackers to more easily conduct brute force attacks.

The presence of this software means the host system may have been compromised through some other exploit/vulnerability. If this software was not installed by the legitimate administrator, the only way to ensure the software, and any other malicious software (malware), is completely removed is to re-install the operating system.

• Related OSVDB ID: 86829 86837 86838
• Other Advisory URL: http://matasano.com/research/PEST-CONTROL.pdf
• News Article: http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240008942/popular-rats-found-riddled-with-bugs-weak-crypto.html
• Vendor URL: https://sites.google.com/site/nxtremerat/

• Shawn Denbow - Matasano Security
• Jesse Hertz - Matasano Security

NVD does not currently have a CVSSv2 score assigned.