Insecure Password-Hashing Algorithm in RT by Best Practical Solutions
CVE-2011-2082
Currently unrated
What is CVE-2011-2082?
The vulnerable-passwords script in RT (Request Tracker) by Best Practical Solutions does not update the password-hash algorithm for accounts that are disabled. As a result, context-dependent attackers may be able to discover cleartext passwords through brute-force attacks on the database, and a password recovered this way becomes exploitable if the account is later re-enabled. The vulnerability arises from an incomplete fix for a previous issue.
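The gap described above can be checked for with an audit that covers disabled accounts as well as enabled ones. The following is an added example, not RT's code or the vulnerable-passwords script itself: the `users` table, its columns, the sample rows and the convention that an upgraded hash starts with `!` are all assumptions made for illustration.

```python
import sqlite3

# Constructed rows: (name, disabled, stored password field). Hypothetical
# formats: a leading "!" marks an upgraded hash; anything else is legacy.
SAMPLE_USERS = [
    ("alice", 0, "!upgraded!c2FsdA!hash-a"),
    ("bob",   0, "legacy-hash-b"),
    ("carol", 1, "legacy-hash-c"),
    ("dave",  1, "!upgraded!c2FsdB!hash-d"),
]

LEGACY = "password NOT LIKE '!%'"  # SQL predicate for a legacy hash (assumed format)


def build_db(rows=SAMPLE_USERS):
    """Create an in-memory table holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, disabled INTEGER, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return conn


def legacy_enabled_only(conn):
    """Incomplete selection: skips disabled accounts, the gap described above."""
    q = f"SELECT name FROM users WHERE disabled = 0 AND {LEGACY} ORDER BY name"
    return [r[0] for r in conn.execute(q)]


def legacy_all_accounts(conn):
    """Complete selection: every account with a legacy hash, enabled or not."""
    q = f"SELECT name FROM users WHERE {LEGACY} ORDER BY name"
    return [r[0] for r in conn.execute(q)]


def reenable(conn, name):
    """Re-enable an account only if its hash has already been upgraded."""
    row = conn.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        raise KeyError(name)
    if not row[0].startswith("!"):
        raise PermissionError(f"{name}: legacy hash, force a password reset first")
    conn.execute("UPDATE users SET disabled = 0 WHERE name = ?", (name,))


if __name__ == "__main__":
    db = build_db()
    missed = sorted(set(legacy_all_accounts(db)) - set(legacy_enabled_only(db)))
    print("missed by enabled-only pass:", missed)
```

Accounts returned by `legacy_all_accounts` but not by `legacy_enabled_only` are the ones an enabled-only pass leaves on the old algorithm; `reenable` shows a guard that blocks re-activation until the password is reset.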
