Weak Password Storage in R-SOFT DMS Exposes Superadmin Credentials
CVE-2026-41879
8.2HIGH
What is CVE-2026-41879?
R-SOFT DMS has a significant security flaw where it stores superadmin credentials using a non-salted nested MD5 hash. This vulnerability enables malicious actors who manage to obtain the password hash to decode the superadmin credentials easily. Moreover, changing these passwords requires editing the configuration file directly, adding an additional layer of risk. Users are advised to update to version v3.17-2000 for protections against this vulnerability.
Affected Version(s)
DMS 0
