usd-2025-0023 | Agorum core open 11.9.1.3-1857 - Plaintext Storage of a Password

Product: Agorum core open
Affected Version: 11.9.1.3-1857
Vulnerability Type: Plaintext Storage of a Password (CWE-256)
Security Risk: High
Vendor: Agorum
Vendor URL: https://www.agorum.com/
Vendor acknowledged vulnerability: Yes
Vendor Status: Fixed
CVE Number: CVE-2025-52164
CVE Link: https://www.cve.org/CVERecord?id=CVE-2025-52164
Advisory ID: usd-2025-0023

Description

agorum core is an open-source Enterprise Content Management (ECM) system developed by agorum Software GmbH in Germany. It offers a modular, highly customizable platform for document management, workflow automation, and digital collaboration.

Proof of Concept

During the installation process, the system administrator must define passwords for the mainadmin, demo, and database users. Upon successful installation, a datasheet will be created in the agorumcore/doc directory. The agorum-core-datasheet.txt contains the previously defined passwords in plaintext:

Datasheet agorum core:
Directories and Scripts:
  Installdirectory:
                /opt/agorum/agorumcore
  Backupdirectory:
                 /opt/agorum/agorumcore/backup
  Start-/Stop- agorum core:
        /opt/agorum/agorumcore/scripts/agorumcore start/stop
  Backup-Script:
        /opt/agorum/agorumcore/scripts/agorumcorebackupAccess/Protocols:
  Web-Portal (secure):
        [https://172.17.0.1:443]()
  Web-Portal (unsecure):
        [http://172.17.0.1:81]()
  Networkdrive (DMS Filearea):
     \\\\172.17.0.1\\dms
  Networkdrive (My area):
      \\\\172.17.0.1\\private
  FTP Access:
                  172.17.0.1:21
  IMAP-Interface:
                  172.17.0.1:143
  SMTP-Interface:
                  172.17.0.1:2501
  Mail-Domain:
                     agorumcore.com
  SMTP-Server:
                     localhost:25
  SMTP-User:
  SMTP-Password:
Access data agorum core:
  Username (Mainadmin):
      roi  Password (Mainadmin: roi):
      Changeme123456
  Username (Demo):
      demo  Password  (Demo):
      demoAccess database (mysql):
  database-Username: root  
  database-Password: Changeme123456
  database-Host: localhost
  database-Port: 3306
  Miscellaneous Ports:
  agorum core SessionUnlock Port:  17676
  JBoss RMI Port:                  31098
  JBoss JNP Port:                  31099
  JBoss RMI-Object Port:           34444
  JBoss Pooled-Invoker Port:       34445
  JBoss WebService Port:           38083
  JBoss UIL2 Port:                 38093
  OpenOffice Port:                 8100

Storing passwords in plaintext poses a significant security risk, particularly when combined with other vulnerabilities. This practice exposes sensitive user credentials to unauthorized access and can lead to a range of severe consequences, especially when attackers can easily exploit other vulnerabilities without needing authentication.

Fix

It is recommended that passwords be securely hashed using strong cryptographic algorithms to ensure they are never stored in plaintext.

Users of agorum core open should upgrade to versions 11.9.2 or 11.10.1.

References

• https://cwe.mitre.org/data/definitions/256.html

Timeline

• 2025-05-05: First contact request via mail.
• 2025-05-05: The vendor has confirmed the delivery and has begun investigating the matter.
• 2025-05-07: The vendor has begun addressing and fixing the issue.
• 2025-05-15: The vendor has addressed and fixed the vulnerability within the cloud instances.
• 2025-05-30: The vendor released fixed versions 11.9.2 and 11.10.1.
• 2025-06-27: This advisory is published.

Credits

This security vulnerability was identified by Jakob Steeg, Roman Hergenreder, Florian Kimmes, Kai Glauber, DR and Ole Wagner of usd AG.