CVE-2008-3681 Information

Description

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Reference

http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html
http://secunia.com/advisories/31457
http://securityreason.com/securityalert/4157
http://www.securityfocus.com/bid/30667
http://www.securitytracker.com/id?1020687
https://exchange.xforce.ibmcloud.com/vulnerabilities/44430
https://www.exploit-db.com/exploits/6234
