Joomla Security News

[20111103] - Core - Password Change

Project: Joomla!™SubProject: AllSeverity: HighVersions: 1.5.24 and all earlier 1.5 versionsExploit type: Password ChangeReported Date: 2011-October-28Fixed Date: 2011-November-14DescriptionWeak random number generation during password reset leads to possibility of changing a user's password.Affected InstallsJoomla!™ version 1.5.24 and all earlier 1.5 versionsSolutionUpgrade to the latest Joomla!™ 1.5 version (1.5.25 or later)Reported by Gregor Kopf and David JardinContactThe JSST at the Joomla!™ Security Center.Authors: Joomla!™ Developer

Read more Joomla!™.org/~r/Joomla!™SecurityNews/~3/nF-FZ-0jMUM/375-20111103-core-password-change.html" >http://feeds.Joomla!™.org/~r/Joomla!™SecurityNews/~3/nF-FZ-0jMUM/375-20111103-core-password-change.html