Joomla 1.5.25/1.7.3 Released (Security Update)

If you are using Joomla, now is the time to update it. A new version was just released for the 1.5.x and 1.7.x branches, fixing a high-priority security issue that allows remote users to change other users' passwords (even on the admin account).

More details on the Joomla website and here.

Weak random number generation during password reset leads to possibility of changing a user’s password.

Affected Installs:

  • Joomla! version 1.5.24 and all earlier 1.5 versions
  • Joomla! versions: 1.7.2 and all 1.6.x versions


diff -ur joomla-1-5-24/libraries/joomla/user/helper.php joomla-1-5-25/libraries/joomla/user/helper.php
— joomla-1-5-24/libraries/joomla/user/helper.php 2010-01-26 10:10:00.000000000 -0400
+++ joomla-1-5-25/libraries/joomla/user/helper.php 2011-11-13 21:18:53.000000000 -0400
@@ -285,11 +285,6 @@
– $stat = @stat(__FILE__);
– if(empty($stat) || !is_array($stat)) $stat = array(php_uname());

– mt_srand(crc32(microtime() . implode(‘|’, $stat)));

for ($i = 0; $i < $length; $i ++) { $makepass .= $salt[mt_rand(0, $len -1)]; }
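
Review bot: the retained loop still picks each character with `mt_rand(0, $len -1)`, so the generated value continues to come from PHP's Mersenne Twister, which is not a cryptographically secure generator. Removing `mt_srand(crc32(microtime() . implode('|', $stat)))` drops a seed that was reduced to 32 bits by `crc32()` and built from `microtime()` and `stat(__FILE__)` output, but it only hands seeding back to PHP's default for `mt_rand()`. Since the advisory ties this generator to password reset, the indices into `$salt` should be drawn from a CSPRNG instead (for example `random_int()` on PHP 7 and later, or bytes from `openssl_random_pseudo_bytes()` on older versions). A short comment explaining why the explicit seed was removed would also help.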

Please update!

  1. I’m trying to purchase your program but I’m having trouble paying through Paypal. I called them and they said it’s not their issue… I am not getting a response from your email team! Please help. I really need to purchase this.
