The referenced code contains a hard-coded salt that is used for all passwords, ideally - a unique salt should be generated for each password and then would be stored alongside it as oppose to the constant one that is used for all passwords in the showdoc repository.
<?php
for ( $i = 0; $i < 30; $i++ ) {
$password = random_int( 0, 1 ) == 1 ? "alpha" : "delta";
echo md5( $password."576hbgh6" )."</br>";
}
?>
7c062e5f87a120c6d6a27ac8bd770899
or 011b22021e8583bdfe77ac6d9b525a16
- this shows that, with a constant, non-randomized hash - ciphertexts of the same input will result in the same output - therefore rainbow tables can be generated with the hardcoded salt in mind.This vulnerability is capable of allowing attackers to generate database-effective rainbow tables.