• Project: Joomla!
• SubProject: All
• Severity: High
• Versions: 1.5.24 and all earlier 1.5 versions
• Exploit type: Password Change
• Reported Date: 2011-October-28
• Fixed Date: 2011-November-14


Weak random number generation during password reset leads to the possibility of changing a user's password.
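The weakness class named above, shown as an added PHP example that is not Joomla! code and not taken from the advisory: a reset token built from a seedable, non-cryptographic PRNG next to one drawn from the operating system CSPRNG. The advisory does not describe the actual mechanism, so the function names, the seed value and the stored-hash layout are assumptions made for illustration.

```php
<?php
// Added illustration, not Joomla! code. All names here are hypothetical.

// Weak pattern: the token comes from mt_rand(), a seedable PRNG that is
// not designed for secrets. The same seed always yields the same token.
function weak_reset_token(int $seed, int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    mt_srand($seed);
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened pattern: 256 bits from the OS CSPRNG. Only a hash of the token
// is stored server-side, together with an expiry time.
function issue_reset_token(int $ttlSeconds = 900): array
{
    $token = bin2hex(random_bytes(32));
    return [
        'token'   => $token,                  // sent to the user, never stored
        'stored'  => hash('sha256', $token),  // kept in the database
        'expires' => time() + $ttlSeconds,
    ];
}

// Verification: reject expired tokens, compare hashes in constant time.
function verify_reset_token(string $presented, string $storedHash, int $expires): bool
{
    if (time() > $expires) {
        return false;
    }
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Constructed seed value, used only to show that the weak token is reproducible.
$seed = 123456789;
echo 'weak tokens identical for same seed: ';
var_dump(weak_reset_token($seed) === weak_reset_token($seed));

$reset = issue_reset_token();
echo 'CSPRNG token verifies: ';
var_dump(verify_reset_token($reset['token'], $reset['stored'], $reset['expires']));
echo 'weak token rejected against stored hash: ';
var_dump(verify_reset_token(weak_reset_token($seed), $reset['stored'], $reset['expires']));
```

`random_bytes()` requires PHP 7 or later, so this shows the corrected pattern in current PHP rather than the change shipped in 1.5.25.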

Affected Installs

Joomla! version 1.5.24 and all earlier 1.5 versions


Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)


The JSST at the Joomla! Security Centre.

Reported By: Gregor Kopf and David Jardin