Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability

[Kurt Seifried <kseifried () redhat com>]

On 11/20/2011 04:04 AM, Hanno Böck wrote:
> http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change
>
> Description
> Weak random number generation during password reset leads to
> possibility of changing a user's password.
>
> Affected Installs
> Joomla! version 1.5.24 and all earlier 1.5 versions
>
> Solution
> Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Please use CVE-2011-4321 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team