Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phenotype_cms | Phenotype-cms | * | 2.8 (including) |
Phenotype_cms | Phenotype-cms | 1.0 (including) | 1.0 (including) |
Phenotype_cms | Phenotype-cms | 2.0 (including) | 2.0 (including) |
Phenotype_cms | Phenotype-cms | 2.1 (including) | 2.1 (including) |
Phenotype_cms | Phenotype-cms | 2.2 (including) | 2.2 (including) |
Phenotype_cms | Phenotype-cms | 2.3 (including) | 2.3 (including) |
Phenotype_cms | Phenotype-cms | 2.4 (including) | 2.4 (including) |
Phenotype_cms | Phenotype-cms | 2.5 (including) | 2.5 (including) |
Phenotype_cms | Phenotype-cms | 2.5.1 (including) | 2.5.1 (including) |
Phenotype_cms | Phenotype-cms | 2.6 (including) | 2.6 (including) |
Phenotype_cms | Phenotype-cms | 2.7 (including) | 2.7 (including) |