Developer Network™ - Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Description
Weak random number generation during password reset leads to possibility of changing a user's password.
Affected Installs
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.3 or later)
Contact
The JSST at the Joomla! Security Centre.
Reported By: Gregor Kopf and David Jardin