Critical Bug in Joomla 1.5.5 (and older 1.5.x versions)

The password of the user with the lowest ID (typically an administrator) can be reset by an unauthorized user in Joomla 1.5.x installations prior to version 1.5.6, because of a bug in the password remind functionality.

All 1.5.x installations up to and including 1.5.5 are affected.

The Joomla developer team advises upgrading to 1.5.6 (or patching the /components/com_user/models/reset.php file with the code below).

After global $mainframe; on line 113 of reset.php, add:

// Reject any submitted token that is not exactly 32 characters before it is used in the lookup
if(strlen($token) != 32) {
    $this->setError(JText::_('INVALID_TOKEN'));
    return false;
}
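As an added illustration that is not Joomla's own reset.php code: a standalone PHP model of the check the patch introduces (reject anything that is not exactly 32 characters), extended with the other checks a token lookup of this kind should perform. The hexadecimal character set, the one-hour token lifetime, the sample user records and all function names are assumptions.

```php
<?php
// Illustrative model, not Joomla's reset.php. It shows the length check the
// patch adds, plus the character-set, empty-token, constant-time and age
// checks that keep a malformed token from ever matching a stored one.

const TOKEN_LENGTH  = 32;    // length of the mailed token, per the advisory
const TOKEN_MAX_AGE = 3600;  // assumed lifetime in seconds (not stated on the page)

// True only for a token with the exact length and character set a generated
// token can have (hex is an assumption); anything else never reaches the lookup.
function isWellFormedToken(string $token): bool
{
    return strlen($token) === TOKEN_LENGTH
        && preg_match('/\A[0-9a-f]{32}\z/', $token) === 1;
}

// Constructed sample of the per-user state a reset request leaves behind.
// An empty 'activation' means no reset is pending for that account.
function sampleUsers(): array
{
    return [
        ['id' => 62, 'username' => 'admin',  'activation' => '',                                 'requested' => 0],
        ['id' => 63, 'username' => 'editor', 'activation' => '3fa85f64b1c24d0c9b1c3b7e1d2a4f6e', 'requested' => time() - 60],
    ];
}

// Resolves a submitted token to the single user it was issued to, or null.
function userForToken(array $users, string $token): ?array
{
    if (!isWellFormedToken($token)) {
        return null;                                   // malformed: treated like an unknown token
    }
    foreach ($users as $user) {
        if ($user['activation'] === '') {
            continue;                                  // no pending reset: never compare against empty
        }
        if (hash_equals($user['activation'], $token)   // constant-time, strict string comparison
            && time() - $user['requested'] <= TOKEN_MAX_AGE) {
            return $user;
        }
    }
    return null;
}

$users = sampleUsers();
var_dump(userForToken($users, '') === null);                                      // bool(true): empty token rejected
var_dump(userForToken($users, str_repeat('a', 31)) === null);                     // bool(true): wrong length rejected
var_dump(userForToken($users, '3fa85f64b1c24d0c9b1c3b7e1d2a4f6e')['id'] === 63); // bool(true): valid token resolves to its owner
```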
See: Joomla! Developer – Password Remind Functionality