FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3681

This CVE name corresponds to:

Entered Topic
2008-08-20 joomla -- flaw in the reset token validation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3681 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3681
Phase Assigned(20080814)

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

References

Source Reference
MILW0RM 6234
CONFIRM http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
BID 30667
SECTRACK 1020687
SECUNIA 31457
SREASON 4157
XF joomla-reset-security-bypass(44430)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.