Joomla! Security Bypass and Information Disclosure Security Issues

SECUNIA ADVISORY ID:
SA48584

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48584/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48584

RELEASE DATE:
2012-03-28

DESCRIPTION:
Two security issues have been reported in Joomla!, which can be
exploited by malicious people to disclose potentially sensitive
information and bypass certain security restrictions.

1) The password generation algorithm generates predictable
passwords, which can be exploited to guess a generated password,
e.g. when a password reset for a user is triggered.

2) An error related to insufficient permission checking can be
exploited to disclose certain information from the administration
backend.

The security issues are reported in versions 1.5.x prior to 1.5.26.

SOLUTION:
Update to version 1.5.26.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) George Argyros and Aggelos Kiayias
2) Cyrille Barthelemy

ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5419-joomla-1526-released.html
http://developer.joomla.org/security/news/9-security/10-core-security/396-20120305-core-password-change
http://developer.joomla.org/security/news/9-security/10-core-security/397-20120306-core-information-disclosure