Published: 25/01/2011 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Best Practical Solutions RT 3.x prior to 3.8.9rc2 and 4.x prior to 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent malicious users to determine cleartext passwords via a brute-force attack on the database.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bestpractical rt 3.5.5
bestpractical rt 3.0.4
bestpractical rt 3.2.1
bestpractical rt 3.6.0
bestpractical rt 3.4.0
bestpractical rt 3.0.8
bestpractical rt 3.4.2
bestpractical rt 3.6.4
bestpractical rt 3.8.8
bestpractical rt 3.2.0
bestpractical rt 3.1.2
bestpractical rt 3.6.6
bestpractical rt 3.4.5
bestpractical rt 3.0.2
bestpractical rt 3.5.4
bestpractical rt 3.6.7
bestpractical rt 3.0.10
bestpractical rt 3.6.2
bestpractical rt 3.2.2
bestpractical rt 3.6.3
bestpractical rt 3.1.6
bestpractical rt 3.0.11
bestpractical rt 3.8.2
bestpractical rt 3.1.11
bestpractical rt 3.1.10
bestpractical rt 3.6.5
bestpractical rt 3.8.0
bestpractical rt 3.8.1
bestpractical rt 3.1.7
bestpractical rt 3.4.4
bestpractical rt 3.8.3
bestpractical rt 3.1.13
bestpractical rt 3.4.7
bestpractical rt 3.1.16
bestpractical rt 3.2.3
bestpractical rt 3.5.3
bestpractical rt 3.0.5
bestpractical rt 3.0.0
bestpractical rt 3.4.6
bestpractical rt 3.0.3
bestpractical rt 3.4.3
bestpractical rt 3.6.9
bestpractical rt 3.6.1
bestpractical rt 3.8.4
bestpractical rt 3.0.1
bestpractical rt 3.8.5
bestpractical rt 3.5.6
bestpractical rt 3.6.8
bestpractical rt 3.0.6
bestpractical rt 3.1.8
bestpractical rt 3.8.6
bestpractical rt 3.1.12
bestpractical rt 3.1.5
bestpractical rt 3.1.17
bestpractical rt 3.0.7
bestpractical rt 3.7.86
bestpractical rt 3.0.7.1
bestpractical rt 3.7.80
bestpractical rt 3.1.15
bestpractical rt 3.0.12
bestpractical rt 3.0.9
bestpractical rt
bestpractical rt 3.7.1
bestpractical rt 3.1.3
bestpractical rt 3.4.1
bestpractical rt 3.5.7
bestpractical rt 3.7.5
bestpractical rt 3.7.85
bestpractical rt 3.5.2
bestpractical rt 3.1.4
bestpractical rt 3.8.7
bestpractical rt 3.1.14
bestpractical rt 3.5.1
bestpractical rt 4.0.0

Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users CVE-2011-2083 Several cross-site scripting issues have been discovered CVE-2011-2084 Password hashes could be ...

CWE-310 http://www.vupen.com/english/advisories/2011/0190 http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html https://bugzilla.redhat.com/show_bug.cgi?id=672250 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 http://www.securityfocus.com/bid/45959 http://www.debian.org/security/2011/dsa-2150 http://osvdb.org/70661 http://www.vupen.com/english/advisories/2011/0475 http://secunia.com/advisories/43438 http://www.vupen.com/english/advisories/2011/0576 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://nvd.nist.gov https://www.debian.org/security/./dsa-2480

CVE-2011-0009

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect