Frontpage

I am totally relaxed!

Because I know Joomlamonitor is working for me. Whenever my website is down, I get an instant alert (and a copy goes to my web-host too!)
Do you wanna try?

Searching for files online? File search system - best decision. Seop for search engine optimization. Now you can build a website by yourself.

[20111103] - Core - Password Change

Project: Joomla!
SubProject: All
Severity: High
Versions: 1.5.24 and all earlier 1.5 versions
Exploit type: Password Change
Reported Date: 2011-October-28
Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.

Affected Installs

Joomla! version 1.5.24 and all earlier 1.5 versions

Solution

Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)

Reported by David Jardin

Contact

The JSST at the Joomla! Security Center.

Read full...

Author:

< Prev		Next >

More Articles in This Category
[20090722] - Core - File Upload [20100423] - Core - Negative Values for Limit and Offset [20120104] - Core - XSS Vulnerability [20090722] - Core - Missing JEXEC Check [20120304] - Core - Password Change	[20120103] - Core - Information Disclosure [20110408] - Core - SQL Injection [20090601] - Core - com_users XSS [20110404] - Core - XSS Vulnerabilities [20100423] - Core - Installer Migration Script