If you are using Joomla, now is the time to update it. A new version was just released for the 1.5.x and 1.7.x branches, fixing a high-priority security issue that allows remote users to change other users' passwords (even on an admin account).
More details on the Joomla website and here.
Description:
Weak random number generation during password reset leads to possibility of changing a user’s password.
Affected Installs:
- Joomla! version 1.5.24 and all earlier 1.5 versions
- Joomla! versions: 1.7.2 and all 1.6.x versions
Changelog:
diff -ur joomla-1-5-24/libraries/joomla/user/helper.php joomla-1-5-25/libraries/joomla/user/helper.php
— joomla-1-5-24/libraries/joomla/user/helper.php 2010-01-26 10:10:00.000000000 -0400
+++ joomla-1-5-25/libraries/joomla/user/helper.php 2011-11-13 21:18:53.000000000 -0400
@@ -285,11 +285,6 @@
– $stat = @stat(__FILE__);
– if(empty($stat) || !is_array($stat)) $stat = array(php_uname());
–
– mt_srand(crc32(microtime() . implode(‘|’, $stat)));
–
for ($i = 0; $i < $length; $i ++) { $makepass .= $salt[mt_rand(0, $len -1)]; }
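Review bot: the context line left in place after the removal still builds the password with mt_rand(0, $len -1), so deleting the mt_srand(crc32(microtime() . implode('|', $stat))) call only drops a seed that crc32 caps at 32 bits and that is derived from a timestamp and file metadata (or php_uname() as the fallback); the characters are still drawn from Mersenne Twister, which is not a cryptographic generator. I would take the indexes from an OS-backed source instead (for example bytes from openssl_random_pseudo_bytes() where that extension is available, mapped onto $salt without modulo bias), and add a comment in this function stating that its output is used for password reset and must not come from mt_rand() or any reseeded PRNG.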
Please update!
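The weakness named in the description, shown beside a hardened form. This is an added example, not Joomla's code or its patch: the function names and the seed string are constructed for illustration, and `random_int()` assumes PHP 7 or later.

```php
<?php
// Added illustration, not Joomla code; function names are hypothetical.
const SALT = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Pre-patch pattern: seed Mersenne Twister from crc32() of low-entropy
// inputs, then pick characters with mt_rand(). crc32() returns a 32-bit
// value, so the whole password is a function of at most 2^32 seeds.
function weakPassword(int $length, string $seedMaterial): string
{
    $salt = SALT;
    $len = strlen($salt);
    $makepass = '';
    mt_srand(crc32($seedMaterial));
    for ($i = 0; $i < $length; $i++) {
        $makepass .= $salt[mt_rand(0, $len - 1)];
    }
    return $makepass;
}

// Hardened form: random_int() (PHP 7+) reads the OS CSPRNG, has no
// caller-controlled seed, and is uniform over the requested range.
function strongPassword(int $length): string
{
    $salt = SALT;
    $len = strlen($salt);
    $makepass = '';
    for ($i = 0; $i < $length; $i++) {
        $makepass .= $salt[random_int(0, $len - 1)];
    }
    return $makepass;
}

// Constructed stand-in for microtime() . implode('|', $stat).
$material = '0.12345600 1321233533|2049|131074|33188';

// Same seed material in, same "random" password out.
echo 'weak repeats:   ',
    var_export(weakPassword(8, $material) === weakPassword(8, $material), true), "\n";

// Independent CSPRNG draws: nothing to reseed, nothing to replay.
echo 'strong repeats: ',
    var_export(strongPassword(8) === strongPassword(8), true), "\n";
```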
3 comments
I’m trying to purchase your program but I’m having trouble paying through PayPal. I called them; they said it’s not their issue… I am not getting a response from your email team! Please help. I really need to purchase this.
Hi, please contact sales sucuri.net and we can work with you from there.
Thanks,
Dre
Is there one in the market yet?