oss-sec mailing list archives
Re: Joomla 1.5.x core.
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 14 Aug 2008 19:41:16 -0400 (EDT)
====================================================== Name: CVE-2008-3681 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3681 Reference: MILW0RM:6234 Reference: URL:http://www.milw0rm.com/exploits/6234 Reference: CONFIRM:http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html Reference: BID:30667 Reference: URL:http://www.securityfocus.com/bid/30667 Reference: SECTRACK:1020687 Reference: URL:http://www.securitytracker.com/id?1020687 Reference: SECUNIA:31457 Reference: URL:http://secunia.com/advisories/31457 components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly restrict access, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
Current thread:
- Joomla 1.5.x core. Emanuele Gentili (Aug 12)
- Re: Joomla 1.5.x core. Nico Golde (Aug 13)
- Re: Joomla 1.5.x core. Steven M. Christey (Aug 14)
- Re: Joomla 1.5.x core. Nico Golde (Aug 13)