usd-2025-0023 | Agorum core open 11.9.1.3-1857 - Plaintext Storage of a Password
Product: Agorum core open
Affected Version: 11.9.1.3-1857
Vulnerability Type: Plaintext Storage of a Password (CWE-256)
Security Risk: High
Vendor: Agorum
Vendor URL: https://www.agorum.com/
Vendor acknowledged vulnerability: Yes
Vendor Status: Fixed
CVE Number: CVE-2025-52164
CVE Link: https://www.cve.org/CVERecord?id=CVE-2025-52164
Advisory ID: usd-2025-0023
Description
agorum core is an open-source Enterprise Content Management (ECM) system developed by agorum Software GmbH in Germany. It offers a modular, highly customizable platform for document management, workflow automation, and digital collaboration.
Proof of Concept
During the installation process, the system administrator must define passwords for the mainadmin, demo, and database users. Upon successful installation, a datasheet will be created in the agorumcore/doc directory. The agorum-core-datasheet.txt contains the previously defined passwords in plaintext:
Datasheet agorum core:

Directories and Scripts:
Installdirectory: /opt/agorum/agorumcore
Backupdirectory: /opt/agorum/agorumcore/backup
Start-/Stop- agorum core: /opt/agorum/agorumcore/scripts/agorumcore start/stop
Backup-Script: /opt/agorum/agorumcore/scripts/agorumcorebackup

Access/Protocols:
Web-Portal (secure): https://172.17.0.1:443
Web-Portal (unsecure): http://172.17.0.1:81
Networkdrive (DMS Filearea): \\172.17.0.1\dms
Networkdrive (My area): \\172.17.0.1\private
FTP Access: 172.17.0.1:21
IMAP-Interface: 172.17.0.1:143
SMTP-Interface: 172.17.0.1:2501
Mail-Domain: agorumcore.com
SMTP-Server: localhost:25
SMTP-User:
SMTP-Password:

Access data agorum core:
Username (Mainadmin): roi
Password (Mainadmin: roi): Changeme123456
Username (Demo): demo
Password (Demo): demo

Access database (mysql):
database-Username: root
database-Password: Changeme123456
database-Host: localhost
database-Port: 3306

Miscellaneous Ports:
agorum core SessionUnlock Port: 17676
JBoss RMI Port: 31098
JBoss JNP Port: 31099
JBoss RMI-Object Port: 34444
JBoss Pooled-Invoker Port: 34445
JBoss WebService Port: 38083
JBoss UIL2 Port: 38093
OpenOffice Port: 8100
Storing passwords in plaintext poses a significant security risk, particularly when combined with other vulnerabilities. This practice exposes sensitive user credentials to unauthorized access and can lead to a range of severe consequences, especially when attackers can easily exploit other vulnerabilities without needing authentication.
Fix
It is recommended that passwords be securely hashed using strong cryptographic algorithms to ensure they are never stored in plaintext.
Users of agorum core open should upgrade to versions 11.9.2 or 11.10.1.
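As an added example (not code from the advisory or from agorum), the following Python detects the password entries in a datasheet written in the "Key: value" layout shown above and produces a redacted copy, so an administrator can check an existing installation and scrub the file; the sample datasheet is constructed and its values are placeholders.

```python
# Constructed sample in the layout of agorum-core-datasheet.txt; the values are
# placeholders, not credentials from any real installation.
SAMPLE_DATASHEET = """\
Datasheet agorum core:
SMTP-User:
SMTP-Password:
Access data agorum core:
Username (Mainadmin): roi
Password (Mainadmin: roi): Changeme123456
Username (Demo): demo
Password (Demo): demo
Access database (mysql):
database-Username: root
database-Password: Changeme123456
database-Host: localhost
"""

def _split_entry(line):
    # Entries are "Key: value"; a key may itself contain a colon, e.g.
    # "Password (Mainadmin: roi): ...", so split on the last colon only.
    key, _, value = line.rpartition(":")
    return key.strip(), value.strip()

def find_plaintext_passwords(text):
    # Return (line number, key, value) for every password entry that has a value.
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        key, value = _split_entry(line)
        if "password" in key.lower() and value:
            findings.append((lineno, key, value))
    return findings

def redact_passwords(text):
    # Return the datasheet with every password value replaced by a marker, so the
    # operational details (paths, ports, hosts) survive while the credentials do not.
    out = []
    for line in text.splitlines():
        key, value = _split_entry(line)
        if "password" in key.lower() and value:
            line = f"{key}: <redacted>"
        out.append(line)
    return "\n".join(out) + "\n"
```

To check a real installation, read doc/agorum-core-datasheet.txt under the install directory and pass its contents to find_plaintext_passwords; a non-empty result means the file still holds credentials and should be redacted or removed.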
References
Timeline
- 2025-05-05: First contact request via mail.
- 2025-05-05: The vendor has confirmed the delivery and has begun investigating the matter.
- 2025-05-07: The vendor has begun addressing and fixing the issue.
- 2025-05-15: The vendor has addressed and fixed the vulnerability within the cloud instances.
- 2025-05-30: The vendor released fixed versions 11.9.2 and 11.10.1.
- 2025-06-27: This advisory is published.
Credits
This security vulnerability was identified by Jakob Steeg, Roman Hergenreder, Florian Kimmes, Kai Glauber, DR and Ole Wagner of usd AG.