Back to search
CVE-2011-2082
Published: Jun 4, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[rt-announce] 20120522 RT 3.8.12 Released - Security Release
mailing-list
x_refsource_MLIST
49259
third-party-advisory
x_refsource_SECUNIA
[rt-announce] 20120522 RT 4.0.6 Released - Security Release
mailing-list
x_refsource_MLIST
[rt-announce] 20120522 Security vulnerabilities in RT
mailing-list
x_refsource_MLIST
53660
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now