opensourcepos
cpe:2.3:a:opensourcepos:open_source_point_of_sale:*:*:*:*:*:*:*
- <= 3.4.2
A vulnerability exists in opensourcepos Open Source Point of Sale versions prior to 3.4.2, specifically in the Employee Login function in the app/Models/Employee.php file. The function allows the use of a weak password hash, and the issue is potentially exploitable remotely. However, whether the vulnerability actually exists is uncertain: the vendor notes that the old hash function is still present only to support the upgrade path, in which default passwords initially use the old hash and are migrated to a newer one after login.
Where the weak password hash is still in use, passwords are easier to crack, which could allow unauthorized access.
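The upgrade path the vendor describes (verify against the old hash, then migrate on login) can be sketched as below. This is an added example, not code from opensourcepos: the legacy scheme (unsalted MD5), the `hash_version` field, the function names and the in-memory user array are all assumptions made for illustration.

```php
<?php
// Added illustration; not opensourcepos code. Legacy scheme, field names
// and the array-backed user store are assumptions.

const HASH_LEGACY = 1; // assumed: old fast hash, kept only for upgrades
const HASH_MODERN = 2; // password_hash() output

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];

    if ($row['hash_version'] === HASH_LEGACY) {
        // Constant-time comparison against the legacy digest.
        if (!hash_equals($row['password'], md5($password))) {
            return false;
        }
        // Migrate at once so the weak hash does not remain at rest.
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
        $row['hash_version'] = HASH_MODERN;
        return true;
    }

    if (!password_verify($password, $row['password'])) {
        return false;
    }
    // Keep modern hashes current when the default cost or algorithm changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Accounts that have not logged in since the upgrade still hold the weak hash.
function legacyAccounts(array $users): array
{
    return array_keys(array_filter($users, fn($u) => $u['hash_version'] === HASH_LEGACY));
}

// Constructed sample data.
$users = [
    'admin' => ['password' => md5('constructed-sample'), 'hash_version' => HASH_LEGACY],
    'clerk' => ['password' => md5('another-sample'), 'hash_version' => HASH_LEGACY],
];
var_dump(login($users, 'admin', 'constructed-sample')); // migrates this row
print_r(legacyAccounts($users)); // accounts still awaiting migration
```

The `legacyAccounts()` check is the part an operator would run after upgrading: any account it lists keeps the weak hash until its owner logs in or the password is reset.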