huntr · Michaellrowley · 76B49607-FBA9-4100-9BE7-CB459FE6CFE2
Aug 02, 2021 - 5:13 p.m.

in star7th/showdoc

2021-08-02 17:13:20
michaellrowley
www.huntr.dev
7

EPSS: 0.001 (Low), Percentile: 21.6%

✍️ Description

The referenced code contains a hard-coded salt that is used for all passwords. Ideally, a unique salt should be generated for each password and stored alongside it, as opposed to the constant one that is used for all passwords in the showdoc repository.

🕵️‍♂️ Proof of Concept

  • Execute the following PHP code:
<?php
// Hash one of two passwords, chosen at random, 30 times with the hard-coded salt.
for ( $i = 0; $i < 30; $i++ ) {
    $password = random_int( 0, 1 ) == 1 ? "alpha" : "delta";
    echo md5( $password."576hbgh6" )."</br>";
}
?>
  • Notice how each output is either 7c062e5f87a120c6d6a27ac8bd770899 or 011b22021e8583bdfe77ac6d9b525a16. This shows that, with a constant, non-randomized salt, the same input always produces the same hash, so rainbow tables can be generated with the hard-coded salt in mind.

💥 Impact

This vulnerability allows attackers to generate rainbow tables that are effective against the entire database.
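The per-password salt described above, shown next to the constant-salt scheme from the proof of concept, with a way to migrate existing rows at login. This is an added example, not showdoc's code or its actual fix: the function names are hypothetical, and it assumes stored legacy values are 32-character hex MD5 digests computed as in the proof of concept.

```php
<?php
// Added example, not showdoc's code. LEGACY_SALT is the constant from the
// proof of concept; every function name below is hypothetical.
const LEGACY_SALT = '576hbgh6';

// Scheme from the proof of concept: one salt shared by every user, one MD5 pass.
function legacy_hash(string $password): string
{
    return md5($password . LEGACY_SALT);
}

// Hardened scheme: password_hash() draws a fresh random salt on every call and
// stores it, with the algorithm and cost, inside the returned string.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against a stored value. Returns [bool $ok, ?string $replacement];
// a non-null $replacement should overwrite the stored value in the database.
function verify_and_upgrade(string $password, string $stored): array
{
    // Assumption: legacy rows hold a bare 32-character hex MD5 digest.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        $ok = hash_equals($stored, legacy_hash($password));
        return [$ok, $ok ? new_hash($password) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? new_hash($password) : null];
}

// Constructed demo data: two accounts that chose the same password.
$a = new_hash('alpha');
$b = new_hash('alpha');
var_dump(legacy_hash('alpha') === legacy_hash('alpha')); // shared salt: rows compared
var_dump($a === $b);                                     // per-password salt: rows compared

// A legacy row is accepted once, then replaced by a per-password salted hash.
[$ok, $replacement] = verify_and_upgrade('alpha', legacy_hash('alpha'));
var_dump($ok, password_verify('alpha', (string) $replacement));

// A wrong password against a migrated row yields no replacement hash.
[$ok, $replacement] = verify_and_upgrade('delta', $a);
var_dump($ok, $replacement);
```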
