CVE-2011-0009

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

Date published : 2011-01-25

http://www.securityfocus.com/bid/45959

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850