CVE-2008-3681
Joomla! 1.5 (versions 1.5–1.5.5) contains a flaw in components/com_user/models/reset.php where reset tokens are not properly validated. This allows remote attackers to reset the password of the first enabled user (usually the administrator). Remediation: upgrade to 1.5.6 or patch /components/com_...