{"id":24236,"date":"2025-06-27T16:07:37","date_gmt":"2025-06-27T14:07:37","guid":{"rendered":"https:\/\/herolab.usd.de\/security-advisories\/usd-2025-0023\/"},"modified":"2025-07-01T10:20:36","modified_gmt":"2025-07-01T08:20:36","slug":"usd-2025-0023","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2025-0023\/","title":{"rendered":"usd-2025-0023"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.25.2\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n<h1>usd-2025-0023 | Agorum core open 11.9.1.3-1857 - Plaintext Storage of a Password<\/h1>\n<p><strong>Product<\/strong>: Agorum core open<br \/><strong>Affected Version<\/strong>: 11.9.1.3-1857<br \/><strong>Vulnerability Type<\/strong>: Plaintext Storage of a Password (CWE-256)<br \/><strong>Security Risk<\/strong>: High<br \/><strong>Vendor<\/strong>: Agorum<br \/><strong>Vendor URL<\/strong>: <a href=\"https:\/\/www.agorum.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.agorum.com\/<\/a><br \/><strong>Vendor acknowledged vulnerability<\/strong>: Yes<br \/><strong>Vendor Status<\/strong>: Fixed<br \/><strong>CVE Number<\/strong>: Requested<br \/><strong>CVE Link<\/strong>: Requested<br \/><strong>Advisory ID<\/strong>: usd-2025-0023<\/p>\n<h3>Description<\/h3>\n<p>agorum core is an open-source Enterprise Content Management (ECM) system developed by agorum Software GmbH in Germany. 
It offers a modular, highly customizable platform for document management, workflow automation, and digital collaboration.<\/p>\n<h3>Proof of Concept<\/h3>\n<p>During installation, the system administrator sets passwords for the <em>mainadmin<\/em>, <em>demo<\/em>, and <em>database<\/em> users. After a successful installation, the installer writes a datasheet to the <strong>doc<\/strong> subdirectory of the installation directory (<strong>\/opt\/agorum\/agorumcore\/doc<\/strong> on the test system). This file, <strong>agorum-core-datasheet.txt<\/strong>, contains the previously defined passwords in plaintext:<\/p>\n<div class=\"codehilite\" style=\"background: #263238;color: #eff\">\n<pre style=\"line-height: 125%\">Datasheet agorum core:<br \/>Directories and Scripts:<br \/>  Installdirectory:<br \/>                \/opt\/agorum\/agorumcore<br \/>  Backupdirectory:<br \/>                 \/opt\/agorum\/agorumcore\/backup<br \/>  Start-\/Stop- agorum core:<br \/>        \/opt\/agorum\/agorumcore\/scripts\/agorumcore start\/stop<br \/>  Backup-Script:<br \/>        \/opt\/agorum\/agorumcore\/scripts\/agorumcorebackup<br \/>Access\/Protocols:<br \/>  Web-Portal (secure):<br \/>        https:\/\/172.17.0.1:443<br \/>  Web-Portal (unsecure):<br \/>        http:\/\/172.17.0.1:81<br \/>  Networkdrive (DMS Filearea):<br \/>     \\\\172.17.0.1\\dms<br \/>  Networkdrive (My area):<br \/>      \\\\172.17.0.1\\private<br \/>  FTP Access:<br \/>                  172.17.0.1:21<br \/>  IMAP-Interface:<br \/>                  172.17.0.1:143<br \/>  SMTP-Interface:<br \/>                  172.17.0.1:2501<br \/>  Mail-Domain:<br \/>                     agorumcore.com<br \/>  SMTP-Server:<br \/>                     localhost:25<br \/>  SMTP-User:<br \/>  SMTP-Password:<br \/>Access data agorum core:<br \/>  Username (Mainadmin):<br \/>      roi<br \/>  Password (Mainadmin: roi):<br \/>      Changeme123456<br \/>  Username (Demo):<br \/>      demo<br \/>  Password (Demo):<br \/>      demo<br \/>Access database (mysql):<br \/>  database-Username: root<br \/>  database-Password: Changeme123456<br \/>  database-Host: localhost<br \/>  database-Port: 3306<br \/>  Miscellaneous Ports:<br \/>  agorum core SessionUnlock Port:  17676<br \/>  JBoss RMI Port:                  31098<br \/>  JBoss JNP Port:                  31099<br \/>  JBoss RMI-Object Port:           34444<br \/>  JBoss Pooled-Invoker Port:       34445<br \/>  JBoss WebService Port:           38083<br \/>  JBoss UIL2 Port:                 38093<br \/>  OpenOffice Port:                 8100<\/pre>\n<\/div>\n<p>Storing these passwords in plaintext is a significant security risk, particularly in combination with other weaknesses. The datasheet hands over the <em>mainadmin<\/em> account and the MySQL <em>root<\/em> password in a single file, so anyone who can read it (a local user on the host, someone with access to a backup of the installation directory, or an attacker who finds another vulnerability that allows reading files without authentication) obtains full control of the application and its database without having to guess or crack anything. Administrators can check whether their installation is affected by looking for the <em>Password<\/em> lines shown above in <strong>doc\/agorum-core-datasheet.txt<\/strong> below the installation directory.<\/p>\n<h3>Fix<\/h3>\n<p>Passwords should never be written to disk in plaintext. The installer should omit them from the datasheet; the administrator has just entered them and can be shown them once on screen instead. Credentials that agorum core itself verifies, such as the <em>mainadmin<\/em> and <em>demo<\/em> accounts, should be stored only as salted hashes produced by a strong password-hashing algorithm. The database password cannot be hashed, because the application must present it to MySQL; it belongs in a configuration file readable only by the service account. Existing installations should remove the password lines from the datasheet (or the file altogether) and rotate the affected passwords if the file may have been exposed.<\/p>\n<p>Users of agorum core open should upgrade to version 11.9.2 or 11.10.1.<\/p>\n<h3>References<\/h3>\n<ul>\n<li><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/256.html\" title=\"https:\/\/cwe.mitre.org\/data\/definitions\/256.html\" target=\"_blank\" rel=\"noopener\">https:\/\/cwe.mitre.org\/data\/definitions\/256.html<\/a><\/li>\n<\/ul>\n<h3>Timeline<\/h3>\n<ul>\n<li><strong>2025-05-05<\/strong>: First contact request via mail.<\/li>\n<li><strong>2025-05-05<\/strong>: The vendor confirmed receipt and began investigating.<\/li>\n<li><strong>2025-05-07<\/strong>: The vendor began working on a fix.<\/li>\n<li><strong>2025-05-15<\/strong>: The vendor fixed the vulnerability in its cloud instances.<\/li>\n<li><strong>2025-05-30<\/strong>: The vendor released the fixed versions 11.9.2 and 11.10.1.<\/li>\n<li><strong>2025-06-27<\/strong>: This advisory is published.<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p>This security vulnerability was identified by Jakob Steeg, Roman Hergenreder, Florian Kimmes, Kai Glauber, DR and Ole Wagner of usd AG.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2025-0023 | Agorum core open 11.9.1.3-1857 - Plaintext Storage of a Password Product: Agorum core openAffected Version: 11.9.1.3-1857Vulnerability Type: Plaintext Storage of a Password (CWE-256)Security Risk: HighVendor: AgorumVendor URL: https:\/\/www.agorum.com\/Vendor acknowledged vulnerability: YesVendor Status: FixedCVE Number: RequestedCVE Link: RequestedAdvisory ID: usd-2025-0023 Description agorum core is an open-source Enterprise Content Management (ECM) system developed by agorum [&hellip;]<\/p>\n","protected":false},"author":118,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-24236","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/24236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/118"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=24236"}],"version-history":[{"count":3,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/24236\/revisions"}],"predecessor-version":[{"id":24240,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/24236\/revisions\/24240"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/
wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=24236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
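The Proof of Concept above shows the datasheet layout in which the installer records the mainadmin, demo and database passwords, and the Fix section says what should happen instead. The script below is an added example, not code from the advisory, from usd AG or from agorum core. It parses a datasheet in the quoted format and flags every password field that actually carries a value (including the two-line layout where the value sits on the indented line after the label, and the empty SMTP-Password case that must not be reported), checks whether the file is readable by other users, and shows a writer that omits the passwords and keeps only a salted scrypt hash for a credential the application has to verify. The datasheet text inside it is constructed from the advisory's listing; the file names and the scrypt cost parameters are assumptions.

```python
# Added example for usd-2025-0023. Not code from agorum core, the advisory or
# usd AG. It (1) parses a datasheet in the format quoted in the advisory and
# flags password fields that carry a value, (2) checks the file's permissions
# and (3) writes a datasheet without passwords, keeping a salted scrypt hash for
# a credential the application must verify. File names and scrypt parameters
# are assumptions of this example.
import hashlib
import os
import secrets
import stat
import tempfile

# Constructed sample in the advisory's datasheet format; the values are the
# ones shown for the advisory's test installation, not real secrets.
SAMPLE_DATASHEET = '''Datasheet agorum core:
Access/Protocols:
  SMTP-Password:
Access data agorum core:
  Username (Mainadmin):
      roi
  Password (Mainadmin: roi):
      Changeme123456
  Username (Demo):
      demo
  Password (Demo):
      demo
Access database (mysql):
  database-Username: root
  database-Password: Changeme123456
  database-Host: localhost
'''


def _indent(line):
    return len(line) - len(line.lstrip(' '))


def find_plaintext_passwords(text):
    '''Return (label, value) for every password field that carries a value.

    Two layouts occur: "database-Password: X" on one line, or a bare label
    ("Password (Demo):") followed by a more indented value line. A bare label
    followed by a line at the same or lower indentation (e.g. "SMTP-Password:"
    followed by a section heading) has no value and is not reported.
    '''
    lines = text.splitlines()
    found = []
    for i, line in enumerate(lines):
        stripped = line.strip()
        if stripped.endswith(':'):                  # bare label
            label, value = stripped[:-1].strip(), ''
            if i + 1 < len(lines) and _indent(lines[i + 1]) > _indent(line):
                value = lines[i + 1].strip()
        elif ':' in stripped:                       # inline "label: value"
            label, value = (part.strip() for part in stripped.split(':', 1))
        else:                                       # value line or free text
            continue
        if 'password' in label.lower() and value:
            found.append((label, value))
    return found


def audit_datasheet(path):
    '''Report plaintext passwords and group/world readability of a datasheet.'''
    with open(path) as fh:
        leaked = find_plaintext_passwords(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {'plaintext_passwords': leaked,
            'readable_by_others': bool(mode & (stat.S_IRGRP | stat.S_IROTH))}


def hash_password(password, salt=None):
    '''Salted scrypt hash encoded as "salthex$digesthex" (cost: n=2^14, r=8).'''
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt.hex() + '$' + digest.hex()


def verify_password(password, stored):
    salt_hex = stored.split('$', 1)[0]
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(candidate, stored)   # constant-time compare


def write_datasheet(path, entries):
    '''Hardened writer: password entries are never written, everything else is
    kept, and the file is created readable only by its owner (mode 0600).'''
    lines = ['Datasheet agorum core:']
    for label, value in entries:
        if 'password' in label.lower():
            continue
        lines.append('  ' + label + ': ' + value)
    lines.append('  (Credentials were entered during installation and are not recorded here)')
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as fh:
        fh.write(os.linesep.join(lines) + os.linesep)


def demo():
    '''Round trip in a temp dir: the advisory-style sheet leaks three passwords
    and is world-readable, the hardened one leaks none, login still verifies.'''
    with tempfile.TemporaryDirectory() as tmp:
        leaky = os.path.join(tmp, 'agorum-core-datasheet.txt')
        with open(leaky, 'w') as fh:
            fh.write(SAMPLE_DATASHEET)
        os.chmod(leaky, 0o644)                      # typical default permissions
        before = audit_datasheet(leaky)
        fixed = os.path.join(tmp, 'agorum-core-datasheet-fixed.txt')
        write_datasheet(fixed, [('Username (Mainadmin)', 'roi'),
                                ('Password (Mainadmin)', 'Changeme123456'),
                                ('database-Username', 'root'),
                                ('database-Password', 'Changeme123456')])
        after = audit_datasheet(fixed)
    stored = hash_password('Changeme123456')
    return {'before': before, 'after': after,
            'login_ok': verify_password('Changeme123456', stored),
            'wrong_password_ok': verify_password('changeme123456', stored)}


if __name__ == '__main__':
    print(demo())
```

Run as `python3 datasheet_check.py`: the printed dictionary shows the advisory-style sheet flagged with three password values and group/world-readable, while the hardened sheet yields no findings and mode 0600. On a real host, point `audit_datasheet` at `doc/agorum-core-datasheet.txt` under the installation directory. The database password is deliberately excluded from the hashing part: the application must present it to MySQL, so it can only be protected by file permissions, not by hashing.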