2008-09-18 17:47:00
mitre
PUBLISHED
Joomla! 1.5 before 1.5.7 initializes PHPs PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHPs mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.