In association with heise online

13 August 2008, 10:55

Joomla suffers already-exploited critical vulnerability


The developers of the Joomla content management system have warned of a critical vulnerability in Joomla's password reset function which is already being actively exploited and potentially allows attackers to take administrative control. The flaw affects all Joomla 1.5.x installs up to 1.5.5.

When a password reset is requested, a token is sent to the user by email. The flaw occurs when a token is presented to the system: the token validation contains an error which allows an unauthenticated, unauthorised user to reset the password of the first enabled user and take control. Typically this first active user is the administrator.

The Joomla team point out that changing the username of the administrator may lessen the impact of the problem because the attacker only knows the account he is resetting is the first account and has to guess at the login name.

Joomla recommends that users either upgrade to Joomla 1.5.6 or apply a direct patch to the system.

The patch requires that the /components/com_user/models/reset.php file be modified. In that file, after global $mainframe; on line 113, add:

    // Reject any token that is not exactly 32 characters long
    if(strlen($token) != 32) {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }

Joomla users are recommended to apply the patch or upgrade as soon as possible.
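To confirm that the manual patch described above has actually been applied across a set of installs, the following added example (not code from the Joomla project or from the original article) checks each Joomla root for the token-length guard in reset.php. The function names and return codes are assumptions of this example, and it looks only for the hotfix lines quoted above, so sites upgraded to 1.5.6 should be confirmed by version instead.

```shell
#!/bin/sh
# Added example (not Joomla project code): audit Joomla 1.5.x trees for the
# reset.php hotfix quoted in the article.
# Usage (script name is hypothetical): sh check_reset.sh /path/to/site1 /path/to/site2
# Return codes are this example's own convention:
#   0 = guard present, 1 = guard missing, 2 = reset.php not found.

RESET_REL="components/com_user/models/reset.php"   # path given in the article

check_reset_patch() {
    file="$1/$RESET_REL"
    [ -f "$file" ] || return 2
    # After "global $mainframe;" look for the 32-character token guard and
    # require a "return false;" before the guard's closing brace.
    # Whitespace differences are tolerated; lines commented with // or # are
    # skipped so a commented-out guard does not count as patched.
    awk '
        /^[ \t]*(\/\/|#)/ { next }
        /global[ \t]+\$mainframe[ \t]*;/ { seen_global = 1; next }
        seen_global && /strlen[ \t]*\([ \t]*\$token[ \t]*\)[ \t]*!==?[ \t]*32/ { in_guard = 1 }
        in_guard && /return[ \t]+false[ \t]*;/ { ok = 1; exit }
        in_guard && /^[ \t]*[}]/ { in_guard = 0 }
        END { exit(ok ? 0 : 1) }
    ' "$file"
}

audit_roots() {
    # Prints one status line per root; returns 1 if any root lacks the guard.
    rc=0
    for root in "$@"; do
        if check_reset_patch "$root"; then st=0; else st=$?; fi
        case $st in
            0) echo "PATCHED   $root" ;;
            1) echo "UNPATCHED $root"; rc=1 ;;
            *) echo "NO-FILE   $root" ;;
        esac
    done
    return $rc
}

# Run the audit only when roots are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_roots "$@"
fi
```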

(djwm)

Permalink: http://h-online.com/-736869