Launchpad CVE tracker

CVE 2011-0009

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

Related bugs and status

CVE-2011-0009 (Candidate) is related to these bugs:

Bug #750339: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8

		In	Importance	Status
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu)	Medium	Won't Fix
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu Maverick)	Undecided	Fix Released
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu Natty)	Undecided	Fix Released
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu Oneiric)	Medium	Fix Released
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu Hardy)	Undecided	Invalid
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.8 (Ubuntu Lucid)	Undecided	Fix Released
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu)	Undecided	Invalid
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu Hardy)	Undecided	Won't Fix
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu Lucid)	Undecided	Invalid
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu Maverick)	Undecided	Invalid
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu Natty)	Undecided	Invalid
750339	Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8	request-tracker3.6 (Ubuntu Oneiric)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0009

References