Wednesday, August 13, 2008

Joomla! Password Reset/Remind Functionality vulnerability - update asap!

A serious security vulnerability was found in the popular CMS software Joomla! (1.5.x, including 1.5.5).
The bug resides in 'com_user/models/reset.php': it allows an attacker to remotely change your Joomla! administration password, since it can reset the password for the first enabled user (the admin user).



The exploit can be found here. It has already affected a lot of Joomla! users. Example.
So if you are running Joomla! (1.5.x, including 1.5.5), you should update ASAP to version 1.5.6 or newer.

More info here

Comments (3)

Thank you for this post! I was unfortunately one of the victims of this attack. I fixed it already. Spread the news!!
I already fixed it by upgrading to Joomla 5.7 and then changing my administrator link to another link, e.g. http://mysite/administrator/pleasein.php. But thanks for your information :)
Thank you for posting this blog. I really enjoyed it, and subscribed to my email list. I will also send it to my friend and publish on my facebook wall.
