*** This bug is a security vulnerability *** You have been subscribed to a private security bug by Sam Kong (ckongyc):
Binary package hint: request-tracker3.8 All released versions of RT from 3.0.0 through 3.8.9rc1 use an insecure hashing algorithm to store user passwords. If an attacker is able to gain read access to RT's database, it would be possible for the attacker to brute-force the hash and discover users' passwords. CVE-2011-0009 has been assigned to this vulnerability. http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html http://www.debian.org/security/2011/dsa-2150.en.html ** Affects: request-tracker3.8 (Ubuntu) Importance: Undecided Status: New ** Tags: cve-2011-0009 request-tracker3.6 request-tracker3.8 rt-extension-saltedpasswords-1.1 -- Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8 https://bugs.launchpad.net/bugs/750339 You received this bug notification because you are a member of MOTU, which is a direct subscriber. -- universe-bugs mailing list universe-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/universe-bugs