CVE-2011-2082

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.x through 3.8.11 Best Practical Solutions RT versions 4.x through 4.0.5

Description The issue allows context-dependent attackers to determine cleartext passwords for disabled user accounts, making it easier to use these passwords after accounts are re-enabled, via a brute-force attack on the database. This is due to the vulnerable-passwords script not updating the password-hash algorithm for disabled user accounts.

Recommendations For Best Practical Solutions RT versions 3.x through 3.8.11, update to version 3.8.12 or later. For Best Practical Solutions RT versions 4.x through 4.0.5, update to version 4.0.6 or later.