PT-2011-4930 · Open Source Matters · Joomla!

Hanno Böck

Published

2011-11-23

Updated

2011-11-28

CVE-2011-4321

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Joomla! versions 1.5.x through 1.5.24

Description The password reset functionality uses weak random numbers, making it easier for remote attackers to change the passwords of arbitrary users.

Recommendations For versions 1.5.x through 1.5.24, update to a version that addresses the weak random number issue in the password reset functionality.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2011-4321

Affected Products

Joomla!

PT-2011-4930 · Open Source Matters · Joomla!

CVE-2011-4321

Weakness Enumeration

Related Identifiers

Affected Products

References · 4