CVE-2026-45027
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.7.3 (3.7.3 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |
| CWE-759 | The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in WeGIA versions prior to 3.7.3, where the application hashes user passwords with PHP's hash() function using plain SHA-256 and no salt. The same digest is computed when a password is set or changed and again when a user logs in, so the stored value is a single, fast, unsalted hash of the password.
Because no salt is used, identical passwords produce identical digests across users, and an attacker who obtains the hashes can look them up in precomputed tables (rainbow tables or plain dictionaries of SHA-256 digests) rather than attacking each user separately. Even without precomputed tables, a single SHA-256 is designed to be fast, so commodity GPUs can test billions of candidate passwords per second against the dump; a proper password hash (bcrypt, scrypt, Argon2) is deliberately slow and salted to make both attacks expensive.
This vulnerability was fixed in version 3.7.3 of WeGIA.
How can this vulnerability impact me?
This vulnerability can lead to the compromise of user passwords stored in the system. Because the hashes are unsalted and produced by a fast algorithm, an attacker who obtains them can recover the plaintext passwords offline, either by precomputed-table lookup or by high-speed dictionary and brute-force guessing.
If an attacker gains access to the password hash database (for example through a backup, a database export or an unrelated SQL injection), they can recover many user passwords at once, leading to unauthorized access to user accounts and sensitive information, and to credential-stuffing against other services where users reused the same password.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade WeGIA to version 3.7.3 or later, where the unsalted SHA-256 password hashing is fixed. Note that upgrading the code does not by itself change digests already stored in the database: check whether the upgrade re-hashes existing passwords, and if it does not, force a password reset (or re-hash transparently at the user's next successful login) so that no unsalted SHA-256 digests remain.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves storing passwords as unsalted SHA-256 hashes, which allows attackers to recover plaintext passwords offline with minimal effort. This weak password hashing practice increases the risk of unauthorized access to user data.
Such a weakness can lead to non-compliance with common security standards and regulations like GDPR and HIPAA, which require adequate protection of personal and sensitive data, including strong password storage mechanisms to prevent data breaches.
Failure to properly secure passwords may result in violations of confidentiality requirements, potentially leading to legal and regulatory consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting how passwords are stored in the WeGIA application database, specifically the `pessoa` table, and checking whether the stored values are unsalted SHA-256 digests: a fixed 64-character hexadecimal string, with identical values for users who share a password and no embedded salt or algorithm prefix (as bcrypt's `$2y$` or Argon2's `$argon2id$` would show).
Additionally, reviewing the source code files `html/login.php` and `controle/FuncionarioControle.php` for calls to PHP's hash() function with `sha256` and no salt during password hashing confirms the presence of the vulnerability.
To detect the vulnerability on your system, you can run SQL queries to extract the stored password hashes from the `pessoa` table and analyze their format and hashing method (the column name below is a placeholder; substitute the actual password column of your installation).
- Example SQL command to extract password hashes: SELECT password_column FROM pessoa;
- Check the application source code for hashing calls, e.g., grep -nE "hash\(['\"]sha256['\"]" html/login.php controle/FuncionarioControle.php
Note that the original proof of concept relies on MariaDB's XPATH error-message truncation to extract the full SHA-256 digests; that detail is relevant to reproducing the extraction, not to the detection checks above, which only need read access to the stored values.
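The following is an added example, not code from WeGIA or from this advisory. It ties the explanation above (identical passwords give identical digests, and a precomputed table recovers unsalted SHA-256 in one lookup) to the detection procedure just described: it audits a set of stored password values for the unsalted-SHA-256 pattern, flags duplicate digests, tries a precomputed dictionary against them, and contrasts that with a salted, slow KDF that the same audit cannot match. The table rows, user names, column layout and wordlist are constructed for the example and are not WeGIA's schema; PBKDF2 from the Python standard library stands in for the password hash a PHP application would get from password_hash().

```python
import hashlib
import hmac
import os
import re
from collections import Counter
from typing import Optional

# Unsalted SHA-256 stored as hex is exactly 64 hex characters, nothing else.
SHA256_HEX = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)

# Constructed sample rows standing in for (username, password_column) from
# the `pessoa` table. The names and values are assumptions for this example.
SAMPLE_ROWS = [
    ("alice", hashlib.sha256(b"Password123").hexdigest()),
    ("bob", hashlib.sha256(b"Password123").hexdigest()),   # same password as alice
    ("carol", hashlib.sha256(b"correct horse battery staple").hexdigest()),
]

# Constructed mini wordlist standing in for a rainbow table / leaked-password list.
WORDLIST = ["123456", "password", "Password123", "qwerty"]


def looks_like_unsalted_sha256(stored: str) -> bool:
    """True if the stored value has the shape of a bare SHA-256 hex digest."""
    return bool(SHA256_HEX.match(stored))


def precompute_table(words):
    """Digest -> plaintext map. Without a salt it is computed once and reused
    against every user in the dump, which is the whole point of the weakness."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def audit_hashes(rows, words=WORDLIST):
    """Audit (user, stored_value) rows for the CWE-916 / CWE-759 pattern."""
    table = precompute_table(words)
    digests = [h.lower() for _, h in rows]
    repeated = {d for d, n in Counter(digests).items() if n > 1}
    return {
        # how many rows look like bare SHA-256 (any > 0 is a finding)
        "sha256_format": sum(looks_like_unsalted_sha256(h) for _, h in rows),
        # identical digests across users prove there is no per-user salt
        "duplicate_digest_users": sorted(u for u, h in rows if h.lower() in repeated),
        # users whose password the precomputed table recovers with one lookup
        "recovered": {u: table[h.lower()] for u, h in rows if h.lower() in table},
    }


# Hardened storage for comparison: random per-user salt plus a deliberately
# slow KDF. Format is "pbkdf2_sha256$<iterations>$<salt hex>$<dk hex>".
def hash_password_salted(password: str, salt: Optional[bytes] = None,
                         iterations: int = 600_000) -> str:
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    _alg, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("unsalted rows:", audit_hashes(SAMPLE_ROWS))
    salted_rows = [(u, hash_password_salted("Password123")) for u in ("alice", "bob")]
    print("salted rows:  ", audit_hashes(salted_rows))
```

Run against the constructed rows, the audit reports all three values in SHA-256 format, flags alice and bob as sharing a digest, and recovers both of their passwords from the four-word table without touching carol's. Re-hashing the same "Password123" for alice and bob with hash_password_salted() yields two different stored values, neither of which matches the SHA-256 pattern or the table, while verify_salted() still accepts the correct password.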