Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-2082
Last Modified: 28 Sep 2012 11:09:07
Published: 04 Jun 2012 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2082

Summary

The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.

Vulnerable Systems

Application

  • Bestpractical Rt 3.0.0

  • Bestpractical Rt 3.0.1

  • Bestpractical Rt 3.0.10

  • Bestpractical Rt 3.0.11

  • Bestpractical Rt 3.0.12

  • Bestpractical Rt 3.0.2

  • Bestpractical Rt 3.0.3

  • Bestpractical Rt 3.0.4

  • Bestpractical Rt 3.0.5

  • Bestpractical Rt 3.0.6

  • Bestpractical Rt 3.0.7

  • Bestpractical Rt 3.0.7.1

  • Bestpractical Rt 3.0.8

  • Bestpractical Rt 3.0.9

  • Bestpractical Rt 3.1.10

  • Bestpractical Rt 3.1.11

  • Bestpractical Rt 3.1.12

  • Bestpractical Rt 3.1.13

  • Bestpractical Rt 3.1.14

  • Bestpractical Rt 3.1.15

  • Bestpractical Rt 3.1.16

  • Bestpractical Rt 3.1.17

  • Bestpractical Rt 3.1.2

  • Bestpractical Rt 3.1.3

  • Bestpractical Rt 3.1.4

  • Bestpractical Rt 3.1.5

  • Bestpractical Rt 3.1.6

  • Bestpractical Rt 3.1.7

  • Bestpractical Rt 3.1.8

  • Bestpractical Rt 3.2.0

  • Bestpractical Rt 3.2.1

  • Bestpractical Rt 3.2.2

  • Bestpractical Rt 3.2.3

  • Bestpractical Rt 3.4.0

  • Bestpractical Rt 3.4.1

  • Bestpractical Rt 3.4.2

  • Bestpractical Rt 3.4.3

  • Bestpractical Rt 3.4.4

  • Bestpractical Rt 3.4.5

  • Bestpractical Rt 3.4.6

  • Bestpractical Rt 3.4.7

  • Bestpractical Rt 3.5.1

  • Bestpractical Rt 3.5.2

  • Bestpractical Rt 3.5.3

  • Bestpractical Rt 3.5.4

  • Bestpractical Rt 3.5.5

  • Bestpractical Rt 3.5.6

  • Bestpractical Rt 3.5.7

  • Bestpractical Rt 3.6.0

  • Bestpractical Rt 3.6.1

  • Bestpractical Rt 3.6.10

  • Bestpractical Rt 3.6.2

  • Bestpractical Rt 3.6.3

  • Bestpractical Rt 3.6.4

  • Bestpractical Rt 3.6.5

  • Bestpractical Rt 3.6.6

  • Bestpractical Rt 3.6.7

  • Bestpractical Rt 3.6.8

  • Bestpractical Rt 3.6.9

  • Bestpractical Rt 3.7.1

  • Bestpractical Rt 3.7.5

  • Bestpractical Rt 3.7.80

  • Bestpractical Rt 3.7.85

  • Bestpractical Rt 3.7.86

  • Bestpractical Rt 3.8.0

  • Bestpractical Rt 3.8.1

  • Bestpractical Rt 3.8.10

  • Bestpractical Rt 3.8.11

  • Bestpractical Rt 3.8.12

  • Bestpractical Rt 3.8.2

  • Bestpractical Rt 3.8.3

  • Bestpractical Rt 3.8.4

  • Bestpractical Rt 3.8.5

  • Bestpractical Rt 3.8.6

  • Bestpractical Rt 3.8.7

  • Bestpractical Rt 3.8.8

  • Bestpractical Rt 3.8.9

  • Bestpractical Rt 4.0.0

  • Bestpractical Rt 4.0.1

  • Bestpractical Rt 4.0.2

  • Bestpractical Rt 4.0.3

  • Bestpractical Rt 4.0.4

  • Bestpractical Rt 4.0.5


References

MLIST - [rt-announce] 20120522 RT 4.0.6 Released - Security Release

MLIST - [rt-announce] 20120522 RT 3.8.12 Released - Security Release

MLIST - [rt-announce] 20120522 Security vulnerabilities in RT

BID - 53660

SECUNIA - 49259


Last Updated: 27 May 2016 10:49:36