PT-2025-28025 · Netalertx · Netalertx
Sakuya9461
·
Published
2025-06-07
·
Updated
2025-08-06
·
CVE-2025-48952
9.7
Critical
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
**Name of the Vulnerable Software and Affected Versions:**
NetAlertX versions prior to 25.6.7
**Description:**
NetAlertX is a network presence scanner and alert framework. A vulnerability in its authentication logic allows users to bypass password verification using SHA-256 "magic hashes", because of a loose comparison in PHP. In vulnerable versions, the password comparison at line 40 of `front/index.php` is performed with the `==` operator. Unlike the strict `===` operator, `==` treats two numeric strings as numbers, so a digest of the form '0e' followed only by digits is interpreted as scientific notation and evaluates to zero; two different digests of that shape therefore compare as equal and authentication is bypassed. This issue is classified as a Login Bypass vulnerability. Services relying on this logic are at risk of unauthorized access. Approximately 109 services are potentially affected worldwide.
**Recommendations:**
Upgrade to NetAlertX version 25.6.7 or later.
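As an added illustration (not NetAlertX's code and not its actual patch), the following PHP places the loose comparison beside strict alternatives. The digest strings are constructed to have the digit-only '0e' shape and are not SHA-256 outputs of any real password; the loose check accepts two different such strings, while `===` and `hash_equals()` reject them.

```php
<?php
// Added example; not taken from NetAlertX. The two digests below are
// constructed: 64-character, digit-only strings starting with "0e". They are
// not the SHA-256 of any real password, they merely have the shape that
// triggers PHP's numeric-string comparison.
$storedDigest    = '0e' . str_repeat('1', 62);
$submittedDigest = '0e' . str_repeat('7', 62);

/** Vulnerable pattern: loose comparison of two hash strings. */
function loginLoose(string $stored, string $submitted): bool
{
    // Both operands are numeric strings, so PHP compares them as numbers.
    // "0e<digits>" parses as 0 x 10^n = 0.0, so distinct digests of this
    // shape are considered equal and the login succeeds.
    return $stored == $submitted;
}

/** Hardened pattern: strict comparison, no type juggling. */
function loginStrict(string $stored, string $submitted): bool
{
    // === compares type and byte content; no numeric coercion happens.
    return $stored === $submitted;
}

/** Preferred pattern: strict and constant-time, the PHP idiom for digests. */
function loginHashEquals(string $stored, string $submitted): bool
{
    // hash_equals() is a byte-for-byte comparison that also avoids timing
    // side channels; it never interprets its arguments as numbers.
    return hash_equals($stored, $submitted);
}

var_dump(loginLoose($storedDigest, $submittedDigest));      // accepts the mismatch
var_dump(loginStrict($storedDigest, $submittedDigest));     // rejects it
var_dump(loginHashEquals($storedDigest, $submittedDigest)); // rejects it

// Control case: an ordinary hex digest virtually always contains a-f and is
// therefore not a numeric string, so the loose comparison behaves normally.
// This is why the flaw is easy to miss in testing: only digit-only "0e..."
// digests trigger the numeric comparison.
$ordinary = hash('sha256', 'example-password'); // constructed sample input
var_dump(loginLoose($ordinary, $submittedDigest)); // rejects it
```

Run with `php` on any supported version; the numeric comparison of two numeric strings is unchanged in PHP 8, so upgrading the interpreter alone does not remove the issue.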
References
- https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-4p4p-vq2v-9489 · Exploit
- https://bdu.fstec.ru/vul/2025-08221 · Security Note
- https://osv.dev/vulnerability/CVE-2025-48952 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-48952 · Security Note
- https://github.com/jokob-sk/NetAlertX · Note
- https://twitter.com/CveFindCom/status/1941265853216887118 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1lvexd0/top_10_trending_cves_09072025 · Reddit Post
- https://twitter.com/HunterMapping/status/1942779106128715952 · Twitter Post
- https://twitter.com/DarkWebInformer/status/1942307581550072186 · Twitter Post
- https://twitter.com/transilienceai/status/1941344031142969732 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1lw8z1z/top_10_trending_cves_10072025 · Reddit Post
- https://t.me/cveNotify/131124 · Telegram Post
- https://t.me/cvenotify/127739 · Telegram Post
- https://twitter.com/VulmonFeeds/status/1941367047612518503 · Twitter Post
- https://twitter.com/CVEnew/status/1941269007744761957 · Twitter Post