Joomla Security news; Core – Password Change

Programming error allows privilege escalation in some cases.Affected Installs
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.5.25 and all earlier 1.5.x versions
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-27

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 1.5.25 and all earlier 1.5.x versions

Solution

Upgrade to version 1.5.26

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s