Onsight Data



Aug 23, 2008

Joomla! Password Reset Vulnerability

Posted by: admin

Tagged in: Technology, Security, Joomla

The Joomla! Project has released an advisory to address a password reset vulnerability in the Joomla! content management system. This vulnerability, which may allow non-validating tokens to be forged, is due to a flaw in the reset token validation mechanism. Exploitation of this vulnerability may allow an unauthenticated attacker to reset the password of the first enabled user, which is typically an administrator user.

US-CERT encourages users to review the Joomla! advisory and upgrade to version 1.5.6 (or newer) or apply the patch listed in the advisory.

Onsight Data has upgraded all clients' websites running Joomla! to 1.5.6.