Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3681
Last Modified 06 Feb 2009 01:58:00
Published 14 Aug 2008 03:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3681

Summary

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Vulnerable Systems

Application

  • Joomla Com User 1.5

  • Joomla Com User 1.5.1

  • Joomla Com User 1.5.2

  • Joomla Com User 1.5.3

  • Joomla Com User 1.5.4

  • Joomla Com User 1.5.5


References

XF - joomla-reset-security-bypass(44430)

SECTRACK - 1020687

BID - 30667

MILW0RM - 6234

SREASON - 4157

SECUNIA - 31457

CONFIRM - http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html


Last Updated: 27 May 2016 10:48:16