Sunday, 13 May 2012 11:41

[20120304] - Core - Password Change Featured

Rate this item
(0 votes)

[20120304] - Core - Password Change

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-15

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

More in this category: « Joomla Webhoster [20120303] - Core - Privilege Escalation »

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.

back to top