PT-2012-1540 · Best Practical Solutions · Rt

Published

2012-06-04

Updated

2012-09-29

CVE-2011-2082

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.x through 3.8.11 Best Practical Solutions RT versions 4.x through 4.0.5

Description The issue allows context-dependent attackers to determine cleartext passwords for disabled user accounts, making it easier to use these passwords after accounts are re-enabled, via a brute-force attack on the database. This is due to the vulnerable-passwords script not updating the password-hash algorithm for disabled user accounts.

Recommendations For Best Practical Solutions RT versions 3.x through 3.8.11, update to version 3.8.12 or later. For Best Practical Solutions RT versions 4.x through 4.0.5, update to version 4.0.6 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2011-2082

DSA-2480-1

PT-2012-1540 · Best Practical Solutions · Rt

CVE-2011-2082

Weakness Enumeration

Related Identifiers

Affected Products

References · 10