GUnet OpenEclass
cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*
- <= 1.7.3
GUnet OpenEclass version 1.7.3 stores user credentials in plaintext. As a result, administrators can read every registered user's username and password, with no encryption protecting them. This increases the risk of credential theft and unauthorized access.
Exploitation of this vulnerability leads to unauthorized access to user accounts, with the potential for further exploitation of authenticated user privileges.
To reproduce this vulnerability, log into the GUnet OpenEclass platform as an administrator and navigate to the 'listusers.php' admin module, where all registered users' credentials are displayed in plaintext. Alternatively, an unauthenticated blind SQL injection can be used to extract administrator credentials from the database; with admin rights obtained that way, the same plaintext credential listing becomes accessible.
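The remedy for plaintext storage is to keep only a salted one-way hash, so that neither an admin listing nor a database read reveals passwords. The following is an added example, not OpenEclass code: the `user` table, its column names and the sample rows are assumptions, and it relies on PHP's built-in `password_hash()` and `password_verify()`.

```php
<?php
// Added example: table and column names (user, username, password) are
// hypothetical, not taken from OpenEclass. Sample rows are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO user (username, password) VALUES
           ('alice', 'correct horse'), ('bob', 'hunter2')");

// True when the stored value is not a recognised password_hash() output.
function is_plaintext(string $stored): bool
{
    return empty(password_get_info($stored)['algo']);
}

// One-time migration: replace every plaintext value with a salted hash.
function migrate_plaintext(PDO $db): int
{
    $update = $db->prepare('UPDATE user SET password = :h WHERE id = :id');
    $count = 0;
    foreach ($db->query('SELECT id, password FROM user')->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (is_plaintext($row['password'])) {
            $update->execute([':h' => password_hash($row['password'], PASSWORD_DEFAULT),
                              ':id' => $row['id']]);
            $count++;
        }
    }
    return $count;
}

// Login check against the hashed column; refuses rows that are still plaintext.
function check_login(PDO $db, string $username, string $password): bool
{
    $q = $db->prepare('SELECT password FROM user WHERE username = :u');
    $q->execute([':u' => $username]);
    $stored = $q->fetchColumn();
    return is_string($stored) && !is_plaintext($stored) && password_verify($password, $stored);
}

printf("migrated: %d\n", migrate_plaintext($db));
printf("second run migrated: %d\n", migrate_plaintext($db));
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
```

Hashing in place does not undo earlier exposure, so passwords that were ever stored in plaintext should also be reset.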