What did you do to cause this? nothing
What page were you on? The one with the SQL injection on it. (ticket #242)
Describe the defect: I was looking into the source code, where I noticed, that password hashes stored in database are not salted. If you use SQL injection (such as #242), you can SELECT all users and their details (including hash). Then you run the hashes through Rainbow Tables, and you'we got plaintext passwords, paired with user names and e-mails. Now you have pretty good identification of the user (email and his widely used nickname) along with one of his passwords. You can then start to look for other services (such us gmail, facebook, ...), where the user can be with the same credentials. None of this would happen, if the password hashes have been salted.