CVE Vulnerabilities

CVE-2008-4102

Published: Sep 18, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Joomla! 1.5 before 1.5.7 initializes PHPs PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHPs mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.

Affected Software

Name Vendor Start Version End Version
Joomla Joomla 1.5 1.5
Joomla Joomla 1.5.1 1.5.1
Joomla Joomla 1.5.2 1.5.2
Joomla Joomla 1.5.3 1.5.3
Joomla Joomla 1.5.4 1.5.4
Joomla Joomla 1.5.5 1.5.5
Joomla Joomla 1.5.6 1.5.6

References