AndSoft e-TMS Password Hashing Vulnerability

A vulnerability exists in AndSoft's e-TMS version 25.03 due to the use of MD5 for password encryption. MD5 is widely recognized as a weak hash algorithm, no longer deemed secure for password storage or transmission. It is susceptible to collision attacks and can be easily compromised with modern hardware, putting user credentials at risk.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, as passwords hashed with MD5 can be easily cracked, allowing attackers to retrieve and use the passwords for malicious purposes.

Remediation

Users can upgrade to AndSoft e-TMS versions VNL 25001 or VNL 25010, both released in January 2025, to address this vulnerability. As of version 25.04, the vulnerability has been completely fixed. AndSoft conducts annual penetration testing on e-TMS to ensure its security, with the latest test completed in June 2025.