D3M0N

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.5 through 1.5.5 **Description** The issue concerns improper validation of reset tokens in the `components/com user/models/reset.php` file. This allows remote attackers to reset the password of the first enabled user, which is typically the administrator. **Recommendations** For Joomla! versions 1.5 through 1.5.5, update to a version that properly validates reset tokens to prevent unauthorized password resets.