0.3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2005-02-14	CVE-2005-0408	Use of Password Hash With Insufficient Computational Effort vulnerability in Citrusdb 0.3.6 CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable. network low complexity citrusdb CWE-916 critical	9.8