Description
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.
This issue was fixed in version v3.17-2000.
This issue was fixed in version v3.17-2000.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://cert.pl/posts/2026/07/CVE-2026-41876 |
|
History
Fri, 10 Jul 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000. | |
| Title | Weak password hashing in R-SOFT DMS | |
| Weaknesses | CWE-328 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-07-10T10:19:29.636Z
Reserved: 2026-04-22T11:32:15.204Z
Link: CVE-2026-41879
Updated: 2026-07-10T10:19:19.999Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-328
Use of Weak Hash