CVE-2011-4321
Joomla! 1.5.x-1.5.24 - Weak Random Number Usage in Password Reset
Title source: llmDescription
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://developer.joomla.org/security/news/9-security/10-core-security/375-20111103-core-password-change
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/21/1
Scores
EPSS
0.0033
EPSS Percentile
56.1%
Details
CWE
CWE-310
Status
published
Products (25)
joomla/joomla\!
1.5.0
joomla/joomla\!
1.5.1
joomla/joomla\!
1.5.2
joomla/joomla\!
1.5.3
joomla/joomla\!
1.5.4
joomla/joomla\!
1.5.5
joomla/joomla\!
1.5.6
joomla/joomla\!
1.5.7
joomla/joomla\!
1.5.8
joomla/joomla\!
1.5.9
... and 15 more
Published
Nov 23, 2011
Tracked Since
Feb 18, 2026