[Bug 750339] [NEW] Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8

Launchpad Bug Tracker 750339 at bugs.launchpad.net
Wed Apr 6 13:42:02 UTC 2011


*** This bug is a security vulnerability ***

You have been subscribed to a private security bug by Sam Kong (ckongyc):

Binary package hint: request-tracker3.8

All released versions of RT from 3.0.0 through 3.8.9rc1 use an
insecure hashing algorithm to store user passwords. If an attacker is
able to gain read access to RT's database, it would be possible for
the attacker to brute-force the hash and discover users' passwords.
CVE-2011-0009 has been assigned to this vulnerability.

http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
http://www.debian.org/security/2011/dsa-2150.en.html

** Affects: request-tracker3.8 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cve-2011-0009 request-tracker3.6 request-tracker3.8 rt-extension-saltedpasswords-1.1
-- 
Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
https://bugs.launchpad.net/bugs/750339
You received this bug notification because you are a member of MOTU, which is a direct subscriber.



