Joomla 1.5 password reset exploit

Today I had one of my clients hacked with a recent exploit of the Joomla 1.5.x family. The exploit allows you to easily reset the first user's password, which usually is the administrator user. After some digging I could find how to reproduce the exploit and guess what, even a 5-year-old could perform it. It's so simple that it's scary.

Anyway if you are currently using Joomla 1.5.x you should upgrade it to 1.5.6.

More info at: http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

About mcloide

Making things simpler, just check: http://www.mcloide.com
