DarkFiber Consulting – IT Managed Services

Joomla! Password Reset Vulnerability

August 14th, 2008 . by DarkFiber Consulting

The Joomla! Project has released an advisory to address a password reset vulnerability in the Joomla! content management system. This vulnerability, which may allow non-validating tokens to be forged, is due to a flaw in the reset token validation mechanism. Exploitation of this vulnerability may allow an unauthenticated attacker to reset the password of the first enabled user, which is typically an administrator user.

DarkFiber Consulting encourages users to review the Joomla! advisory and upgrade to version 1.5.6 (or newer) or apply the patch listed in the advisory.