The password of the user with the lowest ID (typically an administrator) can be reset by an unauthorized user in Joomla 1.5.x installations prior to version 1.5.6 because of a bug in the password remind functionality.
All 1.5.x installations prior to and including 1.5.5 are affected.
The Joomla developer team advises upgrading to 1.5.6 (or patching the /components/com_user/models/reset.php file with the code below).
After global $mainframe; on line 113 of reset.php, add:
    if(strlen($token) != 32) {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }
See: Joomla! Developer – Password Remind Functionality
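To confirm that a given copy of reset.php actually carries the fix, the following check (an added example, not part of the original post or of Joomla) looks for the 32-character token guard after a global $mainframe; line and before any other use of $token. The sample sources and the function names check and lookup are constructed for illustration; for a real installation, pass the contents of reset.php to has_token_length_guard.

```python
import re

# The guard from the advisory, tolerant of whitespace differences.
GUARD = re.compile(
    r"if\s*\(\s*strlen\s*\(\s*\$token\s*\)\s*!=\s*32\s*\)\s*\{(?P<body>[^{}]*)\}")
ANCHOR = re.compile(r"global\s+\$mainframe\s*;")
# Simplification: strips /* */ and // comments without parsing PHP strings.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def has_token_length_guard(php_source):
    """True if the 32-character token check follows a `global $mainframe;`
    line before $token is used for anything else."""
    code = COMMENTS.sub("", php_source)
    for anchor in ANCHOR.finditer(code):
        guard = GUARD.search(code, anchor.end())
        if guard is None:
            return False  # no active guard anywhere after this anchor
        if "$token" in code[anchor.end():guard.start()]:
            continue  # token is used before the check; try the next anchor
        if re.search(r"return\s+false\s*;", guard.group("body")):
            return True
    return False


# Constructed samples (hypothetical function names, not the real reset.php).
_HEAD = "<?php\nfunction check($token)\n{\n    global $mainframe;\n"
_TAIL = "    return lookup($token);\n}\n"
_FIX = ("    if(strlen($token) != 32) {\n"
        "        $this->setError(JText::_('INVALID_TOKEN'));\n"
        "        return false;\n    }\n")
PATCHED = _HEAD + _FIX + _TAIL
UNPATCHED = _HEAD + _TAIL
COMMENTED_OUT = _HEAD + "    /*\n" + _FIX + "    */\n" + _TAIL
TOO_LATE = _HEAD + "    $id = lookup($token);\n" + _FIX + _TAIL

if __name__ == "__main__":
    for name in ("PATCHED", "UNPATCHED", "COMMENTED_OUT", "TOO_LATE"):
        print(name, has_token_length_guard(globals()[name]))
```

A commented-out guard, or one placed after the token has already been used, is reported as unpatched.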
Joomla – how to activate SEF (search engine friendly URLs)
If not already done, enable “Override” for Options and FileInfo in your Apache configuration (needed for mod_rewrite and symlinks):
<Directory "/srv/www/htdocs/##user##/html">
    AllowOverride Options FileInfo
</Directory>
Move the default htaccess.txt to .htaccess and activate SEF in your Joomla config. That’s all : )