Joomla 1.5 password reset exploit

Today I had one of my clients hacked with a recent exloit of the Joomla 1.5.x family. The exploit allows you to easily reset the first user password which usually is the administrator user. After some digging I could find how to reproduce the exploit and guess what, even a 5 years old could perform that. It’s so simple that’s scary.

Anyway if you are currently using Joomla 1.5.x you should upgrade it to 1.5.6.

More info at: http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html

Advertisements

About mcloide

Making things simpler, just check: http://www.mcloide.com View all posts by mcloide

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: