Joomla! 1.5.6 Addresses Token Issue

Today the Joomla! community announced that Joomla! 1.5.6 (Vusani) is ready for download. This version addresses a high-severity security issue involving a problem in the password reminder function, and all Joomla! users are advised to upgrade their installations immediately.

The problem reported in previous versions:

A flaw in the reset token validation mechanism allows for non-validating tokens to be forged. This will allow an unauthenticated, unauthorized user to reset the password of the first enabled user (lowest id). Typically, this is an administrator user. Note that changing the first user's username may lessen the impact of this exploit (since the person who changed the password does not know the login associated with the new password). However, the only way to completely rectify the issue is to upgrade to 1.5.6 (or patch the /components/com_user/models/reset.php file).
For more information about this exploit, visit the Joomla Security Blog http://developer.joomla.org/security.html.

Download: Joomla! 1.5.6 (5,889 Kb) | Upgrade