Sucuri Blog

Joomla Account Creation Vulnerability

October 25, 2016 | Daniel Cid

The Joomla team released a patch for a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of Joomla, you’re encouraged to update immediately.

The vulnerability is rated high severity because it allows anyone to remotely create a user and assign it any group permission, including administrator. Two CVEs were assigned to these vulnerabilities: CVE-2016-8870 and CVE-2016-8869. We highly recommend that everyone apply these patches ASAP.

Sucuri Firewall Virtual Patching

As soon as we learned about this issue, our vulnerability research team (led by Marc MontPas) reverse-engineered the patch to find out how the issue can be exploited, so that we could protect our users. We found that it is present in an old controller kept for backwards compatibility. We were able to create a virtual patching signature and push it live to all of our users within minutes.

The good news is that if your site is behind our Sucuri Firewall, you are protected against this issue.

We also took some time to go back through our log data to see if this attack was ever used in the wild. So far, we haven't found a single exploit attempt. This will likely change, as attackers will also try to reverse-engineer the patch to find out how they can leverage it to create admin users on Joomla sites in order to compromise them for malware distribution, phishing, DDoS, and more. If your website has been compromised, you can follow our free guide to fix hacked Joomla sites.
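A check a site owner might run after patching, given here as an added example (not from the original post or from Sucuri): list accounts in privileged groups that were registered on or after a chosen cutoff. It assumes the stock Joomla 3 tables (`users`, `usergroups`, `user_usergroup_map`), a hypothetical `jos_` table prefix and cutoff date, and constructed sample rows in SQLite standing in for the live database.

```python
import sqlite3

# Assumption: stock Joomla 3 group titles for the two privileged back-end groups.
PRIVILEGED_GROUPS = ("Super Users", "Administrator")

# One row per privileged group membership; {p} is the site's table prefix.
AUDIT_SQL = """
SELECT u.id, u.username, u.email, u.registerDate, g.title
FROM {p}users AS u
JOIN {p}user_usergroup_map AS m ON m.user_id = u.id
JOIN {p}usergroups AS g ON g.id = m.group_id
WHERE g.title IN (?, ?) AND u.registerDate >= ?
ORDER BY u.registerDate
"""

def privileged_accounts_since(conn, cutoff, prefix="jos_"):
    """Return privileged accounts registered on or after cutoff
    ('YYYY-MM-DD HH:MM:SS'). The prefix is validated because it is
    interpolated into the SQL text rather than bound as a parameter."""
    if not prefix.replace("_", "").isalnum():
        raise ValueError("unexpected table prefix")
    cur = conn.execute(AUDIT_SQL.format(p=prefix), (*PRIVILEGED_GROUPS, cutoff))
    return cur.fetchall()

def build_sample_db():
    """Constructed sample data: an in-memory stand-in for the Joomla database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT,
                            email TEXT, registerDate TEXT);
    CREATE TABLE jos_usergroups (id INTEGER PRIMARY KEY, title TEXT);
    CREATE TABLE jos_user_usergroup_map (user_id INTEGER, group_id INTEGER);
    INSERT INTO jos_usergroups VALUES
      (2,'Registered'),(7,'Administrator'),(8,'Super Users');
    INSERT INTO jos_users VALUES
      (42,'siteadmin','admin@example.com','2015-03-01 09:00:00'),
      (101,'alice','alice@example.com','2016-10-26 11:15:00'),
      (102,'support_team','x@example.net','2016-10-27 03:12:44');
    INSERT INTO jos_user_usergroup_map VALUES (42,8),(101,2),(102,7);
    """)
    return conn

if __name__ == "__main__":
    # Hypothetical cutoff; pick the earliest date you want to review from.
    for row in privileged_accounts_since(build_sample_db(), "2016-10-25 00:00:00"):
        print("review:", row)
```

Any account this returns that the site's administrators did not create themselves warrants investigation.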

Categories: Joomla Security, Vulnerability Disclosure
Tags: Permissions, Sucuri Firewall

About Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Comments

  1. Jan R

    October 26, 2016

    Any idea as to what kind of HTTP request we might find/expect in our server logs that are exploiting this? Only HTTP POST or also GET requests that we can block?

    • Daniel Cid

      October 26, 2016

      Hi Jan,

      Check here: https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

  2. bugggbear

    October 26, 2016

    Sharing some information about possible malicious URI or POST content would be useful for people also trying to protect themselves from this vuln with a virtual patch.

    • Daniel Cid

      October 26, 2016

      We pushed some details here: https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html

      • bugggbear

        October 27, 2016

        Thanks for the update!
