MA-136.082008 : MyCERT Special Alert - Critical Joomla! reset password vulnerability

Original Issue Date: 14th August 2008
Last revised: 19th August 2008

1.0 Introduction

MyCERT has received reports from multiple sources regarding a Joomla! reset password vulnerability. Joomla! is a popular content management system based on PHP and is widely used to deploy portals in the country. MyCERT is aware that, at the time of this writing, an exploit is publicly available to internet users.

2.0 Affected Systems

All 1.5.x installs prior to and including 1.5.5 are affected.

3.0 Description

The vulnerability allows a remote attacker to reset the password of the first enabled user (normally the administrator). This has serious implications, as it affects both the integrity and the availability of the site.

4.0 Recommendation

4.1 MyCERT highly recommends that system or security administrators patch or upgrade to the latest version of Joomla!. As per MyCERT's checking, the latest version is 1.5.6 and can be obtained via this URL: http://www.joomla.org/download.html

In addition, a quick fix can be applied by modifying the source code of /components/com_user/models/reset.php. Details on how this is done are available at the site cited in the reference section below [a].

4.2 Once a site has been compromised, the legitimate administrator will no longer be able to log in. The system administrator therefore needs to reset the password of the admin account. This can be done directly in the MySQL database, either using phpMyAdmin or the mysql client. Details on how this is done are available at the site cited in the reference section below [b].

5.0 Reference

[a] http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
[b] http://www.teachmejoomla.net/joomla-mambo-tutorials-and-howtos/general-questions/how-to-change-or-recover-joomla-administrator-password.html
[c] http://gcert.mampu.gov.my/index.php?option=com_content&task=view&id=211&Itemid=1
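The recovery step in 4.2, as an added example for the mysql client (not part of the advisory or of reference [b]). It assumes the default Joomla! 1.5 table prefix jos_, and the new password value is a placeholder to be replaced before running.

```sql
-- Recovery of the administrator account in a Joomla! 1.5 database after the
-- reset-password vulnerability has been used against the site.
-- Assumption: the site was installed with the default table prefix "jos_".
-- Run with the mysql client against the site's database, e.g.
--   mysql -u <db_user> -p <joomla_db> < recover_admin.sql

-- 1. Identify the account the vulnerability targets: the first enabled user
--    (block = 0) in id order. Its password is the one an attacker can reset.
SELECT id, username, email, usertype, gid, block, lastvisitDate
  FROM jos_users
 WHERE block = 0
 ORDER BY id ASC
 LIMIT 1;

-- 2. Review every administrator-level account. gid 25 is Super Administrator
--    and gid 24 is Administrator in Joomla! 1.5; any unexpected row here should
--    be blocked and investigated before the site is put back in service.
SELECT id, username, email, usertype, gid, block, registerDate
  FROM jos_users
 WHERE gid IN (24, 25)
 ORDER BY id ASC;

-- 3. Set a new password for the legitimate administrator.
--    Joomla! 1.5 stores passwords as MD5(password + salt) followed by ":" and
--    the salt; a plain MD5 hash with no salt is also accepted by 1.5 logins.
--    Replace REPLACE_WITH_NEW_PASSWORD and the username before running.
SET @new_password = 'REPLACE_WITH_NEW_PASSWORD';
SET @salt = SUBSTRING(MD5(RAND()), 1, 32);

UPDATE jos_users
   SET password   = CONCAT(MD5(CONCAT(@new_password, @salt)), ':', @salt),
       activation = '',      -- clear any leftover reset token
       block      = 0        -- make sure the account is enabled
 WHERE username = 'admin'
 LIMIT 1;

-- 4. Confirm that exactly one row changed and that the stored value has the
--    expected "<32 hex chars>:<32 char salt>" shape.
SELECT id, username, LENGTH(password) AS password_len, block, activation
  FROM jos_users
 WHERE username = 'admin';
```

After the update, log in through the administrator backend to confirm the new credentials work, then apply the 1.5.6 upgrade from 4.1 so the account cannot simply be reset again.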