components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.

Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
NETWORK | LOW | NONE | PARTIAL | PARTIAL | PARTIAL |

Advisory | Patch | Confirmed | Link |
---|---|---|---|
6234 | | | |
joomla-reset-security-bypass(44430) | | | |
1020687 | | | |
30667 | | | |
4157 | | | |
http://developer.joomla.org/security/news/241-20080801-c... | | | |

Permissions, Privileges, and Access Controls (ID 264)
Related CAPEC 6
Accessing, Modifying or Executing Executable Files (CAPEC-ID 17)
Leverage Executable Code in Non-Executable Files (CAPEC-ID 35)
Blue Boxing (CAPEC-ID 5)
Restful Privilege Elevation (CAPEC-ID 58)
Target Programs with Elevated Privileges (CAPEC-ID 69)
Manipulating Input to File System Calls (CAPEC-ID 76)