Sante PACS Server
cpe:2.3:a:santesoft:sante_pacs_server:*:*:*:*:*:*:*
- 4.1.0
A vulnerability exists in Sante PACS Server 4.1.0 in which a web user's password is processed in a way that leads to hash truncation. The password is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table of the SQLite database HTTP.db. However, if the hash contains a zero byte, the encoded and stored hash is truncated, which creates the potential for hash collision attacks. An unauthenticated remote attacker can exploit this vulnerability by leveraging a path traversal vulnerability to download the HTTP.db file, finding a user with a truncated password hash, and then calculating the corresponding password equivalent.
Exploitation of this vulnerability allows for hash collision attacks, where an attacker can find password equivalents for truncated SHA1 hashes, potentially leading to unauthorized access.
To reproduce this vulnerability, first exploit the path traversal information disclosure vulnerability (CVE-2025-2264) to download the HTTP.db file from the Sante PACS Server web application. Once the database file is obtained, look for a user with a truncated password hash in the USER table. If such a hash is found, use a provided Python script to calculate the equivalent password, which can be done in a feasible time frame.
Users are advised to upgrade to Sante PACS Server version 4.2.0 or later.
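For administrators who want to know which accounts need a password reset, the following added example (not part of the advisory or of the vendor's code) flags USER rows whose stored base64 value decodes to fewer than the 20 bytes of a full SHA-1 digest. The column names NAME and PASSWORD are assumptions and the sample rows are constructed; adjust them to the actual schema of your HTTP.db.

```python
import base64
import binascii
import sqlite3

SHA1_LEN = 20  # a full SHA-1 digest is 20 bytes


def classify_hash(stored_b64):
    """Return (status, decoded_length) for one stored base64 hash value."""
    text = (stored_b64 or "").strip()
    try:
        # Re-pad so values stored without '=' padding still decode.
        raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    except (binascii.Error, ValueError):
        return "undecodable", None
    if len(raw) == SHA1_LEN:
        return "ok", SHA1_LEN
    if len(raw) < SHA1_LEN:
        return "truncated", len(raw)  # includes an empty stored value
    return "unexpected-length", len(raw)


def audit_users(conn, table="USER", name_col="NAME", hash_col="PASSWORD"):
    """List accounts whose stored hash is not a full 20-byte digest."""
    # Column names are assumptions; identifiers are quoted for SQLite.
    query = f'SELECT "{name_col}", "{hash_col}" FROM "{table}"'
    findings = []
    for name, stored in conn.execute(query):
        status, length = classify_hash(stored)
        if status != "ok":
            findings.append((name, status, length))
    return findings


def demo_db():
    """Constructed in-memory sample; not data from a real server."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "USER" ("NAME" TEXT, "PASSWORD" TEXT)')
    full = base64.b64encode(bytes(range(1, 21))).decode()  # 20 bytes
    short = base64.b64encode(bytes(range(1, 4))).decode()  # 3 bytes
    conn.executemany('INSERT INTO "USER" VALUES (?, ?)',
                     [("alice", full), ("bob", short), ("carol", "")])
    return conn


if __name__ == "__main__":
    for name, status, length in audit_users(demo_db()):
        print(f"{name}: {status} (decoded length {length}), reset after upgrading")
```

Run it against a copy of the database after upgrading, and reset the password of every account it reports.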