Wednesday, August 13, 2008

Joomla! Password Reset/Remind Functionality vulnerability - update asap!

A serious security vulnerability was found in the popular CMS software Joomla! (1.5.x, including 1.5.5).
The vulnerability/bug resides in 'com_user/models/reset.php', where it allows an attacker to remotely change your Joomla! administration password, since it can reset the password for the first enabled user (the admin user).

The exploit can be found here. It has already affected a lot of Joomla! users. Example.
So if you are running Joomla! (1.5.x, including 1.5.5), you should update asap to version 1.5.6 or newer.

More info here
