CVE-2011-0009 - Cryptographic Issues vulnerability in Bestpractical RT
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2480.NASL
  description: Several vulnerabilities were discovered in Request Tracker, an issue tracking system:
    - CVE-2011-2082: The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users.
    - CVE-2011-2083: Several cross-site scripting issues have been discovered.
    - CVE-2011-2084: Password hashes could be disclosed by privileged users.
    - CVE-2011-2085: Several cross-site request forgery vulnerabilities have been found. If this update breaks your setup, you can restore the old behaviour by setting $RestrictReferrer to 0.
    - CVE-2011-4458: The code to support variable envelope return paths allowed the execution of arbitrary code.
    - CVE-2011-4459: Disabled groups were not fully accounted as disabled.
    - CVE-2011-4460: SQL injection vulnerability, only exploitable by privileged users.
    Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The
  last seen: 2020-03-17
  modified: 2012-06-29
  plugin id: 59758
  published: 2012-06-29
  reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/59758
  title: Debian DSA-2480-4 : request-tracker3.8 - several vulnerabilities
- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_E0A969E4A51211E190B4E0CB4E266481.NASL
  description: BestPractical report: Internal audits of the RT codebase have uncovered a number of security vulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed by 3.8.12, 4.0.6, and the below patches include the following: The previously released tool to upgrade weak password hashes as part of CVE-2011-0009 was an incomplete fix and failed to upgrade passwords of disabled users. RT versions 3.0 and above contain a number of cross-site scripting (XSS) vulnerabilities which allow an attacker to run JavaScript with the user
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 59283
  published: 2012-05-29
  reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/59283
  title: FreeBSD : RT -- Multiple Vulnerabilities (e0a969e4-a512-11e1-90b4-e0cb4e266481)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-1677.NASL
  description: Bug #672257 - CVE-2011-0009 RT3: Insecure hashing algorithm used for storage of user passwords [fedora-all]. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 52518
  published: 2011-03-03
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/52518
  title: Fedora 15 : rt3-3.8.9-1.fc15 (2011-1677)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2150.NASL
  description: It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker would have access to the password database, he could decode the passwords stored in it.
  last seen: 2020-03-17
  modified: 2011-01-25
  plugin id: 51665
  published: 2011-01-25
  reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/51665
  title: Debian DSA-2150-1 : request-tracker3.6 - unsalted password hashing
References
- http://www.vupen.com/english/advisories/2011/0190
- http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
- https://bugzilla.redhat.com/show_bug.cgi?id=672250
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850
- http://www.securityfocus.com/bid/45959
- http://www.debian.org/security/2011/dsa-2150
- http://osvdb.org/70661
- http://www.vupen.com/english/advisories/2011/0475
- http://secunia.com/advisories/43438
- http://www.vupen.com/english/advisories/2011/0576
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E