ModernWMS Password Hash Disclosure Vulnerability

Vulnerability

A vulnerability in ModernWMS version 1.0 allows unauthorized access to the MD5 hash of the administrator password and other related attributes. This issue persists even after the initial setup and password change. The vulnerability arises from excessive information exposure and inadequate access control on the '/user/list?culture=en-us' endpoint.

Impact

Exploitation of this vulnerability allows unauthorized users to obtain the MD5 hash of the admin password, potentially leading to offline password cracking and unauthorized administrative access.

Reproduction

The vulnerability can be reproduced by sending a request to the '/user/list?culture=en-us' endpoint without authentication. This can be done with a Python script that targets the IP address and port on which the ModernWMS application is running.
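The root causes named above are excessive information exposure (the user-list response carries the password hash) and missing access control on the endpoint. The following added example, which is not ModernWMS code, shows a defender's response audit and the allowlist-serialization fix for the first cause: it walks a JSON user-list body for values shaped like hex MD5 digests, then rebuilds the records from an explicit field allowlist. The response layout and the field names ("data", "pwd", "salt", "user_role", "is_valid") are assumptions constructed for the example; the sample hashes are MD5 of well-known test strings, not values from the page.

```python
"""Added example (not ModernWMS code): audit a user-list JSON response for
hash-like values and show the allowlist serialization that stops the leak.
The record layout and field names below are assumptions."""
import json
import re

# A hex-encoded MD5 digest is exactly 32 hexadecimal characters.
MD5_HEX = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)

# Constructed sample response, modelled on the disclosure described above.
# The "pwd" values are md5("password") and md5("123456"); the layout is invented.
SAMPLE_RESPONSE = json.dumps({
    "code": 200,
    "data": [
        {"user_id": 1, "user_name": "admin", "user_role": "administrator",
         "is_valid": True, "pwd": "5f4dcc3b5aa765d61d8327deb882cf99", "salt": "a1b2"},
        {"user_id": 2, "user_name": "picker", "user_role": "operator",
         "is_valid": True, "pwd": "e10adc3949ba59abbe56e057f20f883e", "salt": "c3d4"},
    ],
})

# Fields a user-list client legitimately needs; everything else is dropped.
PUBLIC_USER_FIELDS = frozenset({"user_id", "user_name", "user_role", "is_valid"})


def find_hash_like_values(obj, path=""):
    """Walk a decoded JSON document and return the JSON paths of every string
    that looks like a hex-encoded MD5 digest."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            hits.extend(find_hash_like_values(value, child))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            hits.extend(find_hash_like_values(value, f"{path}[{index}]"))
    elif isinstance(obj, str) and MD5_HEX.match(obj):
        hits.append(path)
    return hits


def to_public_user(record):
    """Allowlist serializer: copy only the fields named in PUBLIC_USER_FIELDS.
    A field that is never named (password hash, salt, ...) cannot leak by
    accident when the stored model gains new columns."""
    return {key: value for key, value in record.items() if key in PUBLIC_USER_FIELDS}


def audit_response(body):
    """Return the paths of hash-like values in a raw JSON response body."""
    return find_hash_like_values(json.loads(body))


def sanitize_response(body):
    """Re-serialize the response with every user record reduced to its
    public projection; this is the fix for the information-exposure half."""
    parsed = json.loads(body)
    parsed["data"] = [to_public_user(record) for record in parsed["data"]]
    return json.dumps(parsed)


if __name__ == "__main__":
    print("leaked hash paths:", audit_response(SAMPLE_RESPONSE))
    print("leaked after fix:", audit_response(sanitize_response(SAMPLE_RESPONSE)))
```

The allowlist projection addresses only the exposure; the second cause, missing access control, still has to be fixed by requiring an authenticated session on the user-list endpoint, since an authenticated user should not need other users' credential material either.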

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.