Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4905)