
Urgent – High Priority Patches Joomla 1.5 and 1.6x/1.7x Released

Here’s something you don’t see happening too often: both the 1.5 and the 1.6/1.7 streams suffering from the same issue. In this case it’s something you really should pay attention to, as the devs have discovered that the random number generator used during password recovery is not quite up to scratch.

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.7.2 and all 1.6.x versions
  • Exploit type: Password Change
  • Reported Date: 2011-October-28
  • Fixed Date: 2011-November-14

“Weak random number generation during password reset leads to possibility of changing a user’s password.”
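To make the advisory concrete, here is an added Python illustration; it is not Joomla’s code and does not reproduce the specific flaw that was patched. It contrasts a reset token derived from a PRNG seeded with a low-entropy value (reproducible by anyone who can guess the seed, which a code reviewer can confirm by calling it twice with the same seed) against a token drawn from the operating system’s CSPRNG, and shows the server-side handling a reset flow should have: store only a hash of the token, give it an expiry, compare in constant time, and allow a single use. All names (`weak_reset_token`, `strong_reset_token`, `ResetStore`) are made up for this example.

```python
import hashlib
import hmac
import random
import secrets

TOKEN_ALPHABET = "0123456789abcdef"


def weak_reset_token(seed: int) -> str:
    """Illustrative WEAK pattern (not Joomla's code): a 32-hex-char token from a
    general-purpose PRNG seeded with a low-entropy value such as a timestamp.
    The same seed always yields the same token, so the token is predictable."""
    rng = random.Random(seed)
    return "".join(rng.choice(TOKEN_ALPHABET) for _ in range(32))


def strong_reset_token() -> str:
    """Hardened form: 32 bytes (256 bits) from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


def _token_hash(token: str) -> str:
    # Store only a hash so a leaked database does not hand out live reset tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetStore:
    """Server-side bookkeeping for pending password resets (example design):
    one pending reset per user, hashed token, expiry, single use."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self.pending: dict[str, tuple[str, int]] = {}  # user -> (token_hash, expires_at)

    def issue(self, username: str, now: int) -> str:
        token = strong_reset_token()
        self.pending[username] = (_token_hash(token), now + self.ttl)
        return token  # sent to the user out of band (e.g. by e-mail), never stored raw

    def redeem(self, username: str, presented: str, now: int) -> bool:
        entry = self.pending.get(username)
        if entry is None:
            return False
        token_hash, expires_at = entry
        if now > expires_at:
            del self.pending[username]  # stale reset is discarded
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        ok = hmac.compare_digest(token_hash, _token_hash(presented))
        if ok:
            del self.pending[username]  # single use: a redeemed token cannot be replayed
        return ok


if __name__ == "__main__":
    # Constructed seed: a plausible Unix timestamp, to show reproducibility.
    seed = 1319760000
    print("weak token repeats for same seed:",
          weak_reset_token(seed) == weak_reset_token(seed))
    store = ResetStore()
    tok = store.issue("alice", now=1000)
    print("redeem once:", store.redeem("alice", tok, now=1001))
    print("redeem again:", store.redeem("alice", tok, now=1002))
```

The point of the weak/strong pair is the entropy source, not the token length: a 32-character token is worthless if its generator can be re-run from a guessable seed, whereas `secrets` draws from the kernel CSPRNG and cannot be replayed that way.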

This release also fixes an XSS vulnerability. Be sure to upgrade to 1.7.3 as soon as you can.

The exact same issue affects all Joomla 1.5 versions up to 1.5.24, so upgrade websites on that branch to 1.5.25 as soon as you can.
