CVE-2019-7649

Name of the Vulnerable Software and Affected Versions CMSWing version 1.3.7

Description The issue concerns the password hashing mechanism in CMSWing, where the global.encryptPassword function in bootstrap/global.js relies on multiple MD5 operations. This could potentially lead to security weaknesses.

Recommendations For CMSWing version 1.3.7, consider updating the password hashing mechanism to use a more secure algorithm, as relying on multiple MD5 operations may not provide sufficient security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.