Llimit character set, case insensitivity and fast encryption algorythm allow password bruteforcing.
vulners.com/securityvulns/securityvulns:doc:3811