- Core - Password Change
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Weak random number generation during password reset leads to possibility of changing a user's password.
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Upgrade to the latest Joomla! version (1.7.3 or later)
Reported by Gregor Kopf and David Jardin
The JSST at the Joomla! Security Center.