
Delsploit

#27896 of 53,624
9.1 Total CVSS
Vulnerabilities · 1
PT-2024-25797
9.1
2023-07-13
Cacti · Cacti · CVE-2024-34340
**Name of the Vulnerable Software and Affected Versions**

Cacti versions prior to 1.2.27

**Description**

Cacti provides an operational monitoring and fault management framework. The issue lies in the `compat_password_verify` function, where the md5 hash of the user-supplied password is compared with the hash stored in the database using a loose comparison (`$md5 == $hash`). Because PHP's `==` converts both operands to numbers when both are numeric strings, this is a type juggling vulnerability: two different hashes can compare as equal. This vulnerability affects versions prior to 1.2.27.

**Recommendations**

For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue. As a temporary workaround, consider modifying the `compat_password_verify` function to use a strict comparison (`===`) instead of a loose comparison (`==`). Restrict access to the `compat_password_verify` function to minimize the risk of exploitation.
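The loose-versus-strict comparison described above, shown side by side as an added example (this is not Cacti's code; the two hash strings are constructed placeholders, not digests of any real password):

```php
<?php
// Added illustration of the loose comparison bug and its fix (not Cacti's code).
// Both "hashes" below are constructed placeholders shaped like md5 hex digests
// that consist only of digits after a leading "0e"; they are not real digests.

// Vulnerable pattern: when both operands are numeric strings, PHP's == compares
// them as numbers. "0e<digits>" is scientific notation for 0 * 10^n, so every such
// string becomes float(0) and any two of them compare equal.
function verify_loose(string $candidateMd5, string $storedMd5): bool
{
    return $candidateMd5 == $storedMd5;
}

// Fixed pattern from the advisory: === compares type and value byte for byte,
// with no numeric coercion.
function verify_strict(string $candidateMd5, string $storedMd5): bool
{
    return $candidateMd5 === $storedMd5;
}

// Preferred for secrets: hash_equals() is strict and also runs in constant time,
// which avoids leaking how many leading bytes matched.
function verify_hash_equals(string $candidateMd5, string $storedMd5): bool
{
    return hash_equals($storedMd5, $candidateMd5);
}

$stored    = '0e' . str_repeat('1', 30); // constructed, 32 chars, all numeric
$candidate = '0e' . str_repeat('7', 30); // constructed, clearly different bytes

var_dump(verify_loose($candidate, $stored));       // bool(true)  <- type juggling
var_dump(verify_strict($candidate, $stored));      // bool(false)
var_dump(verify_hash_equals($candidate, $stored)); // bool(false)
```

A quick check for this class of bug in a PHP code base is to grep password and token verification paths for `==` / `!=` against hash values and replace them with `===` or `hash_equals()`.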