cbcvebase.
CVE-2011-2082
published 2012-06-04

CVE-2011-2082: The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled…

PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.19%
64.1th percentile
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.

Affected

84 ranges· showing 25
VendorProductVersion rangeFixed in
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt
bestpracticalrt

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.