Thursday, August 14th, 2008
Security Alert for Joomla 1.5.x Users
A security alert has been raised at the Joomla Developer site. A vulnerability has been found to exist in theĀ “user” component of the popular OSS which allows attackers to forge a password reset. Joomla Developers have since developed a patch which is available from their website.
Versions affected: 1.5 - 1.5.5
Solution: Download the patch and Upgrade to 1.5.6 -> http://joomlacode.org/gf/project/joomla/frs/
More details about this vulnerability can be found on the following URL:
http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html