October 22, 2014

[20100423] – Core – Password Reset Tokens

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 1.5.15 and all previous 1.5 releases
  • Exploit type: Unauthorised Access
  • Reported Date: 2010-Jan-07
  • Fixed Date: 2010-Apr-23

Description

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.

Affected Installs

All 1.5.x installs prior to and including 1.5.15 are affected.

Solution

Upgrade to the latest Joomla! version (1.5.16 or later)

Reported by Madis Abel

Contact

The JSST at the Joomla! Security Center.