mailing list archives
Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 20 Nov 2011 19:56:54 -0700
On 11/20/2011 04:04 AM, Hanno Böck wrote:
Weak random number generation during password reset leads to
possibility of changing a user's password.
Joomla! version 1.5.24 and all earlier 1.5 versions
Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Please use CVE-2011-4321 for this issue.
-Kurt Seifried / Red Hat Security Response Team