FreeBSD VuXML advisory 8514B6E7-6F0F-11DD-B3DB-001C2514716C

joomla -- flaw in the reset token validation

Published: 2008-08-14 00:00:00
Source: vuxml.freebsd.org

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.099 Low (Percentile: 94.9%)

Joomla project reports:

A flaw in the reset token validation mechanism allows
for non-validating tokens to be forged. This will allow
an unauthenticated, unauthorized user to reset the password
of the first enabled user (lowest id). Typically, this is
an administrator user. Note that changing the first user's
username may lessen the impact of this exploit (since the
person who changed the password does not know the login
associated with the new password). However, the only way
to completely rectify the issue is to upgrade to 1.5.6
(or patch the /components/com_user/models/reset.php file).
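The advisory describes a reset flow in which a token that does not validate still leads to a password change, and one that lands on the first enabled user rather than on the account the token was issued for. The block below is an added illustration of the defensive pattern that closes both gaps; it is not Joomla's code and does not reproduce the patched reset.php. It assumes a hypothetical in-memory store (an array keyed by token hash) standing in for the database table a real application would use.

```php
<?php
// Added illustration of hardened password-reset token handling.
// Not Joomla's code. Assumes a hypothetical $store array keyed by
// the SHA-256 of the token, holding the bound user id and an expiry.

declare(strict_types=1);

const TOKEN_BYTES = 32;    // 256-bit random token
const TOKEN_TTL   = 3600;  // tokens expire after one hour

// Issue a token bound to one specific user. Only the hash is stored,
// so reading the store does not yield a usable token.
function issueResetToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(TOKEN_BYTES));
    $store[hash('sha256', $token)] = [
        'user_id' => $userId,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

// Validate a submitted token and return the user id it was issued for,
// or null. The caller must only ever reset the password of that user.
function validateResetToken(array &$store, string $submitted, int $now): ?int
{
    // Reject empty or malformed input before any lookup: an empty string
    // or a loosely-compared value must never match a stored record.
    if (!preg_match('/^[0-9a-f]{' . (TOKEN_BYTES * 2) . '}$/', $submitted)) {
        return null;
    }

    $key = hash('sha256', $submitted);

    // Explicit constant-time comparison against each stored hash.
    // A real store would look up by indexed key; the loop keeps the
    // comparison primitive visible in this illustration.
    foreach ($store as $storedKey => $record) {
        if (!hash_equals((string) $storedKey, $key)) {
            continue;
        }
        unset($store[$storedKey]);          // single use, whether valid or expired
        if ($record['expires'] < $now) {
            return null;                    // expired token is not usable
        }
        return $record['user_id'];          // the bound user, never "first enabled user"
    }
    return null;
}

// Demo on a constructed store.
$store = [];
$now   = time();
$token = issueResetToken($store, 42, $now);

var_dump(validateResetToken($store, '', $now));      // empty token is rejected
var_dump(validateResetToken($store, $token, $now));  // bound user id is returned
var_dump(validateResetToken($store, $token, $now));  // replay is rejected
```

The three properties this enforces match the three failure modes the advisory implies: the token is unforgeable because it is 256 bits of `random_bytes` and only its hash is stored; a non-validating (empty, malformed, expired or replayed) token yields `null` rather than falling through to a reset; and the user whose password may change is the one recorded at issue time, so a forged or leaked token can never be redirected to the lowest-id administrator.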

OS       Version  Architecture  Package   Version  Filename
FreeBSD  any      noarch        joomla15  < 1.5.6  UNKNOWN

