oss-sec mailing list archives

CVE request: joomla 1.5 before 1.5.25 password change vulnerability

From: Hanno Böck <hanno () hboeck de>
Date: Sun, 20 Nov 2011 12:04:57 +0100


http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change

Description
Weak random number generation during password reset leads to
possibility of changing a user's password.

Affected Installs
Joomla! version 1.5.24 and all earlier 1.5 versions

Solution
Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)



-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

Current thread:

CVE request: joomla 1.5 before 1.5.25 password change vulnerability Hanno Böck (Nov 20)
- Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability Kurt Seifried (Nov 20)