|
We've received reports from several readers (thanx, Ronaldo and anonymous) that they have seen successful exploitation of the Joomla user password reset vulnerability announced on 12 Aug (with an exploit posted to milw0rm at about the same time). If you have not yet upgraded to 1.5.6, do so ASAP
References: http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html http://www.us-cert.gov/current/index.html#joomla_password_reset_vulnerability http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3681 I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019 |
Jim 407 Posts ISC Handler |
| Subscribe |
Aug 15th 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
