VietNamNet Bridge – Vietnam’s leading network security agency, the BKIS centre, on August 14 warned of a vulnerability in version 1.5.x of Joomla, an open-source content management system (CMS).
Joomla is an easy-to-use, flexible CMS used widely around the world. According to BKIS, thousands of websites in Vietnam run Joomla.
On August 13, instructions for exploiting a new vulnerability in Joomla 1.5.x were published on the Internet. With these instructions, anyone can easily seize control of a website using Joomla within a minute.
BKIS’s director said the agency ran a quick test of 1,178 websites using Joomla in Vietnam and found 158 that had this vulnerability. BKIS issued its warning along with instructions for dealing with the vulnerability.
However, the number of websites using Joomla is so large that BKIS cannot send a warning to each one directly.
According to BKIS, only websites running Joomla 1.5.x are at risk. The best way to deal with this is to update to the latest version, Joomla 1.5.6, which was released on August 13, 2008, or to fix the error manually:
Edit the file “/components/com_user/models/reset.php” and, after global $mainframe at line 113, add the following lines:
    // Reject any reset token that is not exactly 32 characters long
    if(strlen($token) != 32) {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }
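A read-only way to check local Joomla 1.5.x trees for the manual fix above, as an added example that is not BKIS's or the Joomla project's code. The function names and the stub file written by make_fixture are constructed for illustration; only the file path and the length check come from the article.

```shell
#!/bin/sh
# Added example (not BKIS or Joomla code): read-only check for the manual fix.
RESET_REL="components/com_user/models/reset.php"   # path given in the article

# Print "patched", "unpatched" or "missing" for the Joomla root in $1.
joomla_reset_status() {
    f="$1/$RESET_REL"
    [ -f "$f" ] || { echo missing; return 0; }
    # Drop comment-only lines so a commented-out check does not count,
    # then look for the length test, tolerating spacing and != / !==.
    if grep -Ev '^[[:space:]]*(//|#|\*)' "$f" |
       grep -Eq 'strlen[[:space:]]*\([[:space:]]*\$token[[:space:]]*\)[[:space:]]*!==?[[:space:]]*32'
    then echo patched
    else echo unpatched
    fi
}

# Print "<status><TAB><root>" for each root; return 1 if any is unpatched.
audit_roots() {
    rc=0
    for root in "$@"; do
        s=$(joomla_reset_status "$root")
        printf '%s\t%s\n' "$s" "$root"
        if [ "$s" = unpatched ]; then rc=1; fi
    done
    return $rc
}

# Write a CONSTRUCTED stub of reset.php (not the real Joomla file) under $1.
# $2 = "with" includes the article's check; anything else leaves it out.
make_fixture() {
    mkdir -p "$1/components/com_user/models"
    {
        echo '<?php'
        echo 'global $mainframe;'
        if [ "$2" = with ]; then
            echo 'if(strlen($token) != 32) {'
            echo "    \$this->setError(JText::_('INVALID_TOKEN'));"
            echo '    return false;'
            echo '}'
        else
            echo '// if(strlen($token) != 32) { disabled'
        fi
    } > "$1/$RESET_REL"
}

# Audit the Joomla roots passed on the command line, if any.
if [ "$#" -gt 0 ]; then audit_roots "$@"; fi
```

The script detects only the check quoted in the article, so an "unpatched" result is a prompt to inspect the file or upgrade, not proof that the site can be taken over.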
(Source: NLD)