CVE-2026-41879
R-SOFT · DMS
R-SOFT DMS stores superadmin credentials using an insecure, non-salted nested MD5 hash, rendering them susceptible to offline cracking attacks.
Executive summary
R-SOFT DMS suffers from a weak credential storage vulnerability where superadmin passwords are protected by non-salted nested MD5 hashes, facilitating potential unauthorized administrative access.
Vulnerability
The application utilizes a weak cryptographic hash function (CWE-328) to store administrative passwords. By failing to use a unique salt, the system is highly vulnerable to precomputed hash attacks (rainbow tables) or brute-force cracking if the database is accessed.
Business impact
A successful compromise of the superadmin credentials grants an attacker full control over the DMS platform, leading to unauthorized data access, system configuration changes, and potential administrative takeover. The CVSS score of 8.2 underscores the severity of this design flaw, which directly undermines the security foundation of the application.
Remediation
Immediate Action: Update the R-SOFT DMS software to version 3.17-2000 or later, which addresses the credential storage implementation.
Proactive Monitoring: Audit database access logs for unauthorized queries and monitor for any unusual administrative activity that could indicate account compromise.
Compensating Controls: Ensure the database containing the hashes is protected with strict access controls and encryption at rest to mitigate the risk of the database being exfiltrated.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Weak cryptographic practices pose a fundamental risk to any system. Administrators must treat this as a high-priority update to ensure that administrative credentials are stored using modern, secure hashing algorithms, thereby preventing unauthorized access to the application.