PT-2026-57148 · Unknown · R-Soft Dms
Marek Figielski
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-41879
CVSS v4.0
8.2
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
R-SOFT DMS versions prior to v3.17-2000
Description
The software stores superadmin credentials using a non-salted nested MD5 hash in its configuration. This improper credential storage uses broken cryptography, making the password hash a recoverable secret through offline cracking and rainbow-table attacks. An attacker who obtains the stored hash—via local access, backup leaks, or file disclosure—can recover the superadmin password. This is particularly critical as the password cannot be changed through the user interface and requires modifying the configuration file. Successful exploitation leads to full administrative control over the instance, allowing for data access, tampering, and service takeover.
Recommendations
Upgrade to version v3.17-2000.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
R-Soft Dms