Joomla! Information Disclosure Vulnerabilities

SECUNIA ADVISORY ID:
SA46421

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46421/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46421

RELEASE DATE:
2011-10-18
DESCRIPTION:
Two vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to disclose potentially sensitive
information.

1) An error due to weak encryption can be exploited to disclose
potentially sensitive information.

This vulnerability is reported in versions prior to 1.5.24 and prior
to 1.7.2.

2) Insufficient error checking can be exploited to disclose
potentially sensitive information.

This vulnerability is reported in versions prior to 1.7.2.

SOLUTION:
Update to version 1.5.24 or 1.7.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Jeff Channell
2) Aung Khant, YGN Ethical Hacker Group

ORIGINAL ADVISORY:
Joomla!:
http://developer.joomla.org/security/news/370-20111001-core-information-disclosure
http://developer.joomla.org/security/news/371-20111002-core-information-disclosure
http://developer.joomla.org/security/news/372-20111003-core-information-disclosure