CVE-2009-2951 Information

Description

Phenotype CMS before 2.9 does not use a random salt value for password encryption which makes it easier for context-dependent attackers to determine cleartext passwords.

Reference

http://www.phenotype-cms.com/wiki/development-changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/52856