Domingo, 13 Mayo 2012 11:41

[20120304] - Core - Password Change Featured

Rate this item
(0 votes)

[20120304] - Core - Password Change

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-15

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.