Skip to main content

R-SOFT DMS CVE-2026-41879

| EUVDEUVD-2026-42857 HIGH
Use of Weak Hash (CWE-328)
2026-07-10 cvd@cert.pl GHSA-2mx5-42xw-7586
8.2
CVSS 4.0 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

AC:H because exploitation depends on first obtaining the hash (a precondition outside attacker control); confidentiality-only (C:H, I:N, A:N) as the flaw discloses superadmin credentials.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cert).

CVSS VectorVendor: cert

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 10:36 vuln.today

DescriptionCVE.org

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file.

This issue was fixed in version v3.17-2000.

AnalysisAI

Credential disclosure in R-SOFT DMS lets an attacker who obtains the stored superadmin password hash recover the plaintext password, because credentials are protected with a non-salted, nested MD5 hash that is trivially reversible via brute-force and precomputed rainbow tables. The superadmin account is high-value and cannot be rotated through the UI - the password can only be changed by editing the configuration file - so recovered credentials remain valid indefinitely. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain read access to config/DB/backup
Delivery
Extract stored superadmin hash
Exploit
Identify unsalted nested MD5
Execution
Crack offline via brute-force/rainbow table
Impact
Authenticate as superadmin

Vulnerability AssessmentAI

Exploitation The attacker must first obtain the stored superadmin password hash - from the configuration file, backend database, a backup, or memory - which is exactly the Attack Requirement (AT:P) reflected in the CVSS 4.0 vector; the vulnerability itself does not grant that hash. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 base score is 8.2 with vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:H (confidentiality-only impact). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained read access to the R-SOFT DMS configuration file, database, or a backup - for example through a file-disclosure bug, misconfigured share, or insider access - extracts the stored superadmin hash. Recognizing it as an unsalted nested MD5, they crack it offline in seconds-to-minutes using GPU brute-force or a rainbow table, recover the plaintext password, and log in as superadmin. …
Remediation Vendor-released patch: v3.17-2000 - upgrade R-SOFT DMS to v3.17-2000 or later, which addresses the weak-hash storage. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all R-SOFT DMS deployments and document superadmin account usage patterns; implement network segmentation to restrict access to the DMS to authorized personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-41879 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy