CVE-2026-53692
MediumCVSS 5.9Summary
Redeight CMS version 1.0 stores user passwords using the MD5 algorithm without a salt. MD5 is a cryptographically broken algorithm and the lack of salting allows attackers to easily reverse the hashes using rainbow tables.
Risk Assessment
Attackers who obtain the password hashes can quickly recover plaintext credentials, leading to account takeover and potential compromise of the entire system.
Recommendation
Immediately change the password storage method to a secure salted algorithm such as bcrypt, Argon2, or PBKDF2, and force a password reset for all users.
Original NVD description (English source)
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

