Description
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.
Published: 2026-06-30
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Redeight CMS version 1.0 stores user passwords using the MD5 algorithm without a salt. Because MD5 is a cryptographically broken hash function and the passwords are not salted, attackers who obtain the password hashes can trivially recover the plaintext credentials by using rainbow tables. This vulnerability is categorized as CWE-328, reflecting the weak hashing algorithm used for password storage.

Affected Systems

The affected product is Redeight CMS manufactured by Redeight, specifically version 1.0.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. The EPSS score is not available, so exploitation likelihood cannot be quantified precisely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must first gain access to the stored password hashes, either through database compromise or exported password data, after which rainbow tables can quickly reveal the plaintext passwords. Although exploitation requires having the hashes, the lack of salting and the weak hash function make the attack trivial once the hashes are in hand.

Generated by OpenCVE AI on June 30, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Redeight CMS to a version that employs salted, strong password hashing such as bcrypt or Argon2
  • Reset all user passwords to enforce new hashing mechanisms after the upgrade
  • Enable multi‑factor authentication to add an additional layer of credential protection

Generated by OpenCVE AI on June 30, 2026 at 15:54 UTC.
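
The following is an added example, not code from OpenCVE, CERT-PL or Redeight. It sketches the first two recommended actions: new passwords get a per-user random salt and a memory-hard KDF, and records still stored as unsalted MD5 are flagged for a forced reset instead of being accepted at login. Assumptions: Python's standard-library `hashlib.scrypt` stands in for bcrypt or Argon2, and the `scrypt$salt$hash` storage format, the function names and the sample rows are hypothetical.

```python
import hashlib
import hmac
import os
import re

# Constructed sample rows (username, stored_hash); not data from Redeight CMS.
# Both users chose the same password, so unsalted MD5 yields identical hashes.
SAMPLE_USERS = [
    ("alice", hashlib.md5(b"Summer2026!").hexdigest()),
    ("bob", hashlib.md5(b"Summer2026!").hexdigest()),
]

LEGACY_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")  # bare 128-bit hex digest
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def hash_password(password: str) -> str:
    """Hash with a fresh 16-byte salt; the salt is stored beside the hash."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Accept only salted scrypt records; legacy MD5 records never log in."""
    if LEGACY_MD5.match(stored):
        return False  # account must go through the password reset flow
    try:
        scheme, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "scrypt":
        return False
    dk = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(dk, expected)  # constant-time comparison


def accounts_needing_reset(rows):
    """Return usernames whose stored value is still an unsalted MD5 digest."""
    return [user for user, stored in rows if LEGACY_MD5.match(stored)]


if __name__ == "__main__":
    print("force reset:", accounts_needing_reset(SAMPLE_USERS))
    print("salted sample:", hash_password("Summer2026!"))
```

Because each record carries its own random salt, two users with the same password no longer share a stored value, which is what makes precomputed tables useless against the new records.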

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 30 Jun 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | Weak hahshing algorithm in Redeight CMS | Weak hashing algorithm in Redeight CMS |
| Weaknesses | CWE-261 | CWE-328 |

Tue, 30 Jun 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials. |
| Title | | Weak hahshing algorithm in Redeight CMS |
| Weaknesses | | CWE-261 |
| References | | |
| Metrics | | cvssV4_0 {'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-30T12:35:07.712Z

Reserved: 2026-06-10T14:02:39.879Z

Link: CVE-2026-53692

Vulnrichment

Updated: 2026-06-30T12:12:49.547Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T16:00:15Z
