Intrusion Prevention

Joomla!.com_user.Password.Reset

Description

This indicates an attack attempt against a remote token-injection vulnerability
in Joomla.
A vulnerability has been reported in Joomla that may allow an attacker to reset the administrator password of the vulnerable web application. This is possible because the user input filters fail to properly sanitize the token parameter value that is passed to components/com_user/models/reset.php. An attacker may reset the administrator's password by sending a malformed POST request.
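As an added illustration, not part of this signature page or of Joomla's own code, the following Python checks constructed request records for POSTs to the com_user password-reset step whose token parameter is not well-formed, which is the condition a detector for this issue keys on. The query parameters (option=com_user, view=reset) and the 32-hex-character token format are assumptions, as are the sample requests.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate Joomla 1.5 reset token is 32 lowercase hex characters.
TOKEN_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample requests (method, path, POST body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/index.php?option=com_user&view=reset&layout=confirm",
     "token=5d41402abc4b2a76b9719d911017c592&username=editor"),
    ("POST", "/index.php?option=com_user&view=reset&layout=confirm",
     "token=&username=admin"),
    ("POST", "/index.php?option=com_user&view=reset&layout=confirm",
     "token=not-a-token&username=admin"),
    ("GET", "/index.php?option=com_content&view=article&id=1", ""),
]


def is_well_formed_token(token: str) -> bool:
    """Strict allow-list check the reset handler should apply before using the token."""
    return TOKEN_RE.fullmatch(token) is not None


def is_reset_request(method: str, path: str) -> bool:
    """True for POSTs whose query string targets the com_user reset view (assumed URL form)."""
    if method.upper() != "POST":
        return False
    query = parse_qs(urlsplit(path).query)
    return query.get("option") == ["com_user"] and query.get("view") == ["reset"]


def flag_malformed_reset(method: str, path: str, body: str):
    """Return a finding dict when a reset POST carries a token that fails the format check."""
    if not is_reset_request(method, path):
        return None
    params = parse_qs(body, keep_blank_values=True)
    token = params.get("token", [""])[0]
    if is_well_formed_token(token):
        return None
    return {"path": path, "token": token, "reason": "malformed reset token"}


def scan(requests):
    """Apply the check to every request record and collect the findings."""
    return [hit for hit in (flag_malformed_reset(*r) for r in requests) if hit]


if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The same allow-list check, applied server-side before the token is used in a query, is the fix the upgrade delivers; here it is used as a detection rule over already-captured requests.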

Affected Products

Joomla Joomla 1.5.5
Joomla Joomla 1.5.4
Joomla Joomla 1.5.3
Joomla Joomla 1.5.2
Joomla Joomla 1.5.1
Joomla Joomla 1.5
Joomla Joomla 1.5.0 Beta
Joomla Joomla 1.5 RC3
Joomla Joomla 1.5 RC2
Joomla Joomla 1.5 RC1
Joomla Joomla 1.5 Beta 2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to Joomla 1.5.6, which is available at the following web site:
http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-Stable-Full_Package.zip

CVE References

CVE-2008-3681