Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Best Practical Solutions RT安全漏洞
Vulnerability Description
Best Practical Solutions RT是美国Best Practical Solutions公司的一套企业级的问题跟踪系统。该系统主要用于Bug跟踪、客户服务、工作流程处理、更改管理等。 Best Practical Solutions RT 3.8.12之前的3.x版本和4.0.6之前的4.x版本中的漏洞密码脚本中存在漏洞,该漏洞源于未针对禁用账户更新密码哈希算法。攻击者可利用该漏洞借助对数据库的暴力破解攻击,来确定明文密码,可能在账户重启后使用这些密码。
CVSS Information
N/A
Vulnerability Type
N/A