Lennoncmj

Name of the Vulnerable Software and Affected Versions: DoraCMS versions 2.1.1 and earlier Description: The issue is related to weak encoding for passwords, which makes them susceptible to dictionary attacks due to the lack of a random salt or IV in its AES-CBC encryption. This allows attackers to obtain sensitive information. Recommendations: For versions 2.1.1 and earlier, update to a version that implements a secure password encryption method, utilizing a random salt or IV for AES-CBC encryption to prevent dictionary attacks.

**Name of the Vulnerable Software and Affected Versions** CMSWing version 1.3.7 **Description** The issue concerns the password hashing mechanism in CMSWing, where the global.encryptPassword function in bootstrap/global.js relies on multiple MD5 operations. This could potentially lead to security weaknesses. **Recommendations** For CMSWing version 1.3.7, consider updating the password hashing mechanism to use a more secure algorithm, as relying on multiple MD5 operations may not provide sufficient security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotels Server versions through 2018-11-05 **Description** The issue concerns password storage protection in Hotels Server. It relies on base64 encoding, which is insufficient for secure password storage. **Recommendations** For versions through 2018-11-05, consider implementing a secure password hashing algorithm to protect password storage, as relying on base64 encoding is not sufficient. At the moment, there is no information about a newer version that contains a fix for this vulnerability.