Joomla hit by critical password-reset forgery flaw

Heads-up to Joomla users: There’s a patch out for a critical password-reset forgery issue that could compromise your content management system. Oh, by the way, it’s already being actively exploited.

The open-source group warns in an advisory that the issue affects Joomla version 1.5.5 and all previous 1.5 releases.

“This is a quick turnaround security release to address a high level security issue and it is recommended all users upgrade immediately,” Joomla added. Exploit code is publicly available.

The details:

  • A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note that changing the first user’s username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password).

However, Joomla maintainers warn that the only way to completely rectify the issue is to upgrade to version 1.5.6 or patch the /components/com_user/models/reset.php file.
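To show the bug class the advisory describes (a token that fails validation is not rejected before the user lookup, so the first enabled account is matched) next to a hardened reset check, here is an added illustrative example in Python; it is not Joomla's reset.php and the user table, token format and helper names are constructed assumptions:

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for a CMS user table, ordered by id as the advisory
# describes; activation is empty for accounts with no pending reset.
USERS = [
    {"id": 62, "username": "admin", "block": 0, "activation": ""},
    {"id": 63, "username": "editor", "block": 0, "activation": ""},
]

def find_user_weak(token):
    """Bug class: the token is sanitised but never rejected, so a value that
    collapses to "" still reaches the lookup and matches the first enabled
    account whose activation column is empty (illustrative, not Joomla's code)."""
    cleaned = "".join(ch for ch in token if ch.isalnum())
    for user in sorted(USERS, key=lambda u: u["id"]):
        if user["block"] == 0 and user["activation"] == cleaned:
            return user
    return None

PENDING = {}  # user id -> (sha256 of issued token, expiry timestamp)

def issue_token(user_id, ttl=900):
    """Issue a single-use, time-limited 32-hex-char reset token for one user."""
    token = secrets.token_hex(16)
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[user_id] = (digest, time.time() + ttl)
    return token

def find_user_hardened(username, token, now=None):
    """Reject malformed tokens before any lookup, bind the token to the named
    account, compare digests in constant time, enforce expiry and single use."""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        return None
    user = next((u for u in USERS if u["username"] == username and u["block"] == 0), None)
    if user is None or user["id"] not in PENDING:
        return None
    digest, expiry = PENDING[user["id"]]
    if (now if now is not None else time.time()) > expiry:
        return None
    if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).hexdigest()):
        return None
    del PENDING[user["id"]]  # an accepted token cannot be replayed
    return user
```

The weak lookup returns the lowest-id enabled account for a token that sanitises to nothing, which is the outcome the advisory warns about; the hardened version never reaches the database with a malformed token and only ever resets the account the token was issued for.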

[Source: zdnet]