[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-0009Date: (C)2011-01-25   (M)2023-12-22


Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-43438
BID-45959
OSVDB-70661
ADV-2011-0190
ADV-2011-0475
ADV-2011-0576
DSA-2150
FEDORA-2011-1677
http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850
https://bugzilla.redhat.com/show_bug.cgi?id=672250
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

CWE    1
CWE-310
OVAL    3
oval:org.secpod.oval:def:600190
oval:org.secpod.oval:def:103199
oval:org.secpod.oval:def:600815

© SecPod Technologies