Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://www.debian.org/security/2011/dsa-2150 | vendor advisory |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 | patch |
| http://www.vupen.com/english/advisories/2011/0576 | vdb entry vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=672250 | patch |
| http://secunia.com/advisories/43438 | third party advisory vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html | vendor advisory |
| http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html | patch mailing list |
| http://osvdb.org/70661 | vdb entry |
| http://www.vupen.com/english/advisories/2011/0190 | vdb entry vendor advisory |
| http://www.vupen.com/english/advisories/2011/0475 | vdb entry vendor advisory |
| http://www.securityfocus.com/bid/45959 | vdb entry |
| https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | mailing list |