• Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
  • Exploit type: Password Change
  • Reported Date: 2012-March-8
  • Fixed Date: 2012-March-15

Description

Insufficient randomness leads to password reset vulnerability.

Affected Installs

Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions

Solution

Upgrade to version 2.5.3

Reported by George Argyros and Aggelos Kiayias

Contact

The JSST at the Joomla! Security Center.