- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Weak random number generation during password reset leads to possibility of changing a user's password.
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Upgrade to the latest Joomla! version (1.7.3 or later)
The JSST at the Joomla! Security Centre.