Open in app

Sign in

Write

Sign in

HotelDruid — Security Advisory: CVE-2024–23091 — Weak Password Hashing Using MD5

cnetsec
2 min readJul 26, 2024

--

A vulnerability has been identified in the funzioni.php file of the affected system, where MD5 is used for hashing passwords. MD5 is a cryptographic hash function that is known to be weak and susceptible to various types of attacks, such as collision, preimage, and brute-force attacks. The use of MD5 for password hashing compromises the security of user passwords, potentially allowing attackers to recover plaintext passwords from the hash values.

Affected Component:
funzioni.php

Affected Versions:
Versions prior to 1.32

Description:
The affected code in the funzioni.php file uses the MD5 algorithm for hashing passwords. Despite the inclusion of a salt in versions greater than 1.32, the inherent weaknesses of MD5 still pose a significant security risk.

if ($tipo_pass == “5”) {
 if (C_VERSIONE_ATTUALE > 1.32) {
 $salt = (string) risul_query($utente, 0, ‘salt’);
 for ($num1 = 0; $num1 < 15; $num1++)
 $password_phpr = md5($password_phpr . substr($salt, 0, (20 — $num1)));
 } else {
 $password_phpr = md5($password_phpr);
 }
}
The vulnerability occurs due to the use of MD5 salting:

Example:

Without Salting (for versions <= 1.32): $password_phpr = md5($password_phpr);
This approach is particularly weak as it does not incorporate a salt, making it susceptible to dictionary and pre-computed rainbow table attacks.
CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Impact:
An attacker who gains access to the hashed passwords can exploit this vulnerability to perform brute-force attacks, potentially recovering the original plaintext passwords. This could lead to unauthorized access to user accounts and sensitive information.

Solution:
It is recommended to replace MD5 with a more secure password hashing algorithm such as bcrypt, argon2, or scrypt. These algorithms are designed to be computationally intensive, making brute-force attacks significantly more difficult.

References:

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
This vulnerability was reported by Cnetsec

Link : https://github.com/digital-druid/hoteldruid/blob/master/includes/funzioni.php

--

--

cnetsec

Written by cnetsec

10 Followers

Cloud Native and Appsec Research

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams