image credit

Joomla Login Page Flaw Exposes Admin Credentials

September 21, 2017


Joomla 3.8 brings more than 300 improvements to the popular content management system (CMS) and patches two vulnerabilities, including one that can be exploited to obtain administrator credentials.

Researchers at RIPS Technologies discovered that Joomla versions between 1.5 and 3.7.5 are affected by a potentially serious vulnerability when using Lightweight Directory Access Protocol (LDAP) authentication.

LDAP is designed for accessing directory systems via TCP/IP and it’s available in Joomla via a native authentication plugin that can be enabled from the Plugin Manager.

Read More on Security Week