Lucene search

RedhatCVE-2011-4321

HistoryNov 23, 2011 - 6:55 p.m.

CVE-2011-4321

2011-11-2318:55:01

CWE-310

redhat

web.nvd.nist.gov

cve-2011-4321

joomla

password reset

remote attackers

weak random numbers

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

55.8%

JSON

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

Affected configurations

Nvd

Node

joomlajoomla\!Match1.5.0

joomlajoomla\!Match1.5.1

joomlajoomla\!Match1.5.2

joomlajoomla\!Match1.5.3

joomlajoomla\!Match1.5.4

joomlajoomla\!Match1.5.5

joomlajoomla\!Match1.5.6

joomlajoomla\!Match1.5.7

joomlajoomla\!Match1.5.8

joomlajoomla\!Match1.5.9

joomlajoomla\!Match1.5.10

joomlajoomla\!Match1.5.11

joomlajoomla\!Match1.5.12

joomlajoomla\!Match1.5.13

joomlajoomla\!Match1.5.14

joomlajoomla\!Match1.5.15

joomlajoomla\!Match1.5.15rc

joomlajoomla\!Match1.5.16

joomlajoomla\!Match1.5.17

joomlajoomla\!Match1.5.18

joomlajoomla\!Match1.5.19

joomlajoomla\!Match1.5.20

joomlajoomla\!Match1.5.21

joomlajoomla\!Match1.5.22

joomlajoomla\!Match1.5.23

joomlajoomla\!Match1.5.24

VendorProductVersionCPE
joomlajoomla\!1.5.0cpe:2.3:a:joomla:joomla\!:1.5.0:*:*:*:*:*:*:*
joomlajoomla\!1.5.1cpe:2.3:a:joomla:joomla\!:1.5.1:*:*:*:*:*:*:*
joomlajoomla\!1.5.2cpe:2.3:a:joomla:joomla\!:1.5.2:*:*:*:*:*:*:*
joomlajoomla\!1.5.3cpe:2.3:a:joomla:joomla\!:1.5.3:*:*:*:*:*:*:*
joomlajoomla\!1.5.4cpe:2.3:a:joomla:joomla\!:1.5.4:*:*:*:*:*:*:*
joomlajoomla\!1.5.5cpe:2.3:a:joomla:joomla\!:1.5.5:*:*:*:*:*:*:*
joomlajoomla\!1.5.6cpe:2.3:a:joomla:joomla\!:1.5.6:*:*:*:*:*:*:*
joomlajoomla\!1.5.7cpe:2.3:a:joomla:joomla\!:1.5.7:*:*:*:*:*:*:*
joomlajoomla\!1.5.8cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*
joomlajoomla\!1.5.9cpe:2.3:a:joomla:joomla\!:1.5.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomla	joomla\!	1.5.0	cpe:2.3:a:joomla:joomla\!:1.5.0:::::::*
joomla	joomla\!	1.5.1	cpe:2.3:a:joomla:joomla\!:1.5.1:::::::*
joomla	joomla\!	1.5.2	cpe:2.3:a:joomla:joomla\!:1.5.2:::::::*
joomla	joomla\!	1.5.3	cpe:2.3:a:joomla:joomla\!:1.5.3:::::::*
joomla	joomla\!	1.5.4	cpe:2.3:a:joomla:joomla\!:1.5.4:::::::*
joomla	joomla\!	1.5.5	cpe:2.3:a:joomla:joomla\!:1.5.5:::::::*
joomla	joomla\!	1.5.6	cpe:2.3:a:joomla:joomla\!:1.5.6:::::::*
joomla	joomla\!	1.5.7	cpe:2.3:a:joomla:joomla\!:1.5.7:::::::*
joomla	joomla\!	1.5.8	cpe:2.3:a:joomla:joomla\!:1.5.8:::::::*
joomla	joomla\!	1.5.9	cpe:2.3:a:joomla:joomla\!:1.5.9:::::::*

Rows per page:

1-10 of 261

References

developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change

www.openwall.com/lists/oss-security/2011/11/21/1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

55.8%

JSON

Related for CVE-2011-4321