RiteCMS Password Hashing Vulnerability in User Authentication

Vulnerability

A vulnerability exists in RiteCMS version 3.1.0 due to the use of weak encryption methods for password storage. This flaw allows an attacker with read access to the database (userdata.db) to recover user passwords offline using readily available hardware. The vulnerability is rooted in the password hashing function, which employs a salted SHA-1 hash—a method considered insecure by modern standards.

Impact

Exploitation of this vulnerability allows for the recovery of user passwords from the database, potentially leading to unauthorized access to user accounts.

Added: Dec 17, 2025, 7:46 PM

Updated: Dec 17, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

9.7

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

9.7

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RiteCMS Password Hashing Vulnerability in User Authentication

Vulnerability

Impact

Affected Products

handylulu RiteCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating