• Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.7.2 and all 1.6.x versions
  • Exploit type: Password Change
  • Reported Date: 2011-October-28
  • Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.

Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions

Solution

Upgrade to the latest Joomla! version (1.7.3 or later)

Contact

The JSST at the Joomla! Security Centre.

Reported By: Gregor Kopf and David Jardin