Vaelsys V4 Unauthorized Access Vulnerability Leading to MD4 Hash Weakness

Vulnerability

A vulnerability in Vaelsys version 4.1.0 has been identified, allowing unauthorized access to the vgrid_server.php file. This issue arises from the MD4 Hash Handler component, where the xajaxargs argument can be manipulated to produce weak hash values. The vulnerability can be exploited remotely, although the attack's complexity is considered high.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive information, specifically MD4 password hashes of all system users, which can be easily cracked due to the weakness of the MD4 hashing algorithm.

Reproduction

To reproduce this vulnerability, send a request to the vgrid_server.php file with the xajaxargs parameter. This will initiate a process that retrieves the MD4 hash values of all users' passwords, starting with the first user, typically the admin.
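For defenders, the request described above can be looked for in web server access logs. The following is an added example, not part of the original advisory or of any Vaelsys code: it assumes Apache/nginx combined-format logs, a hypothetical management network (TRUSTED_NETS), and constructed sample log lines using documentation IP ranges and a placeholder parameter value.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: networks allowed to reach the Vaelsys web interface.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (not real traffic); the request path is an assumption.
SAMPLE_LOG = [
    '10.20.0.15 - - [28/Jul/2025:06:01:10 +0000] "POST /vgrid_server.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Jul/2025:06:02:11 +0000] "POST /vgrid_server.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [28/Jul/2025:06:02:12 +0000] '
    '"GET /vgrid_server.php?xajaxargs%5B%5D=PLACEHOLDER HTTP/1.1" 200 2048',
    '198.51.100.9 - - [28/Jul/2025:06:03:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

def is_trusted(ip):
    """True if the client address is inside a trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in TRUSTED_NETS)

def scan(lines):
    """Return (findings, per-client counts) for suspicious vgrid_server.php hits."""
    findings, counts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/vgrid_server.php"):
            continue
        # parse_qs decodes keys, so xajaxargs%5B%5D is seen as xajaxargs[]
        keys = parse_qs(url.query, keep_blank_values=True)
        reasons = []
        if not is_trusted(m["ip"]):
            reasons.append("untrusted-source")
        if any(k.split("[")[0] == "xajaxargs" for k in keys):
            reasons.append("xajaxargs-in-query")
        if reasons:
            counts[m["ip"]] += 1
            findings.append((m["ip"], m["ts"], m["status"], ",".join(reasons)))
    return findings, counts

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG)[0]:
        print(finding)
```

POST bodies are not recorded in access logs, so a POST to vgrid_server.php is flagged here only by its source address; treat any hit from outside the management network as a reason to rotate the affected users' passwords.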

Added: Jul 28, 2025, 6:17 AM
Updated: Jul 28, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.