Tárgy:
Fwd: Joomla! Security News
Feladó:
Takács László <lacyc3@gmail.com>
Dátum:
2011.11.15. 10:15
Címzett:
Kelemen Mihály <kelemenm@tagdebr.sulinet.hu>

Kedves Tanár Úr!

Ez a hír érinti a TÁG oldalát is, így javaslom a mihamarabb frissítést is.

---------- Forwarded message ----------
From: Joomla! Developer Network - Security News <no_reply@joomla.org>
Date: Mon, Nov 14, 2011 at 2:29 PM
Subject: Joomla! Security News
To: lacyc3@gmail.com


Joomla! Security News


[20111103] - Core - Password Change

Posted: 14 Nov 2011 08:33 PM PST

  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 1.5.24 and all earlier 1.5 versions
  • Exploit type: Password Change
  • Reported Date: 2011-October-28
  • Fixed Date: 2011-November-14

Description

Weak random number generation during password reset leads to possibility of changing a user's password.

Affected Installs

Joomla! version 1.5.24 and all earlier 1.5 versions

Solution

Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)

Reported by David Jardin

Contact

The JSST at the Joomla! Security Center.
You are subscribed to email updates from Joomla! Developer Network - Security News
To stop receiving these emails, you may unsubscribe now.		 Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610



--
Üdvözlettel,
Takács László
lacyc3@gmail.com