CVE-2008-3681
N/A
N/A
Summary
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
- http://securityreason.com/securityalert/4157
- http://www.securitytracker.com/id?1020687
- http://secunia.com/advisories/31457
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44430
- http://www.securityfocus.com/bid/30667
- https://www.exploit-db.com/exploits/6234
References
- http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
- http://securityreason.com/securityalert/4157
- http://www.securitytracker.com/id?1020687
- http://secunia.com/advisories/31457
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44430
- http://www.securityfocus.com/bid/30667
- https://www.exploit-db.com/exploits/6234
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.