• Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.7.2 and all 1.6.x versions
  • Exploit type: Password Change
  • Reported Date: 2011-October-28
  • Fixed Date: 2011-November-14


Weak random number generation during password reset makes it possible to change a user's password.
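
The advisory does not publish the affected code. As an added example (not Joomla! code, and not the fix shipped in 1.7.3), the PHP below contrasts a constructed weak reset-token generator with one drawn from the operating system's CSPRNG, stored only as a hash and checked in constant time. All function names and the one-hour lifetime are assumptions made for illustration.

```php
<?php
// Added illustration; not Joomla! code. All function names are hypothetical.

// Weak pattern (constructed): mt_rand() is a non-cryptographic PRNG, so
// values built from it are not suitable as password-reset secrets.
function weakResetToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened: 256 bits from the OS CSPRNG. Only the SHA-256 digest is
// persisted, so a leaked database row cannot be replayed as a token.
function issueResetToken(int $ttlSeconds = 3600): array
{
    $token = bin2hex(random_bytes(32));
    return [
        'token'  => $token,                       // sent to the user by e-mail
        'record' => [                             // stored server-side
            'hash'    => hash('sha256', $token),
            'expires' => time() + $ttlSeconds,    // assumed one-hour lifetime
        ],
    ];
}

// Reject expired records first, then compare digests in constant time.
function verifyResetToken(array $record, string $presented, ?int $now = null): bool
{
    $now = $now ?? time();
    if ($now >= $record['expires']) {
        return false;
    }
    return hash_equals($record['hash'], hash('sha256', $presented));
}

// Constructed walk-through: a valid token, a wrong token, an expired token.
$issued = issueResetToken();
var_dump(verifyResetToken($issued['record'], $issued['token']));
var_dump(verifyResetToken($issued['record'], str_repeat('0', 64)));
var_dump(verifyResetToken($issued['record'], $issued['token'], time() + 7200));
```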

Affected Installs

Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions


Upgrade to the latest Joomla! version (1.7.3 or later)


The JSST at the Joomla! Security Centre.

Reported By: Gregor Kopf and David Jardin