Joomla! - after 8 years, a vulnerability in LDAP authentication was discovered

Joomla! is the second most popular content management system in the world; it is estimated that over 3% of all websites are built on it. The vulnerability found will certainly not be one of the most spectacular (two conditions have to be met), but it applies to almost all versions: from 1.5 to 3.7.5 inclusive. The latest release, 3.8, published on September 18, already contains a patch for the vulnerability described below.

A vulnerability that potentially threatens almost all websites built with Joomla! was discovered by RIPS Tech's RIPS solution, which OWASP describes as the most popular tool for automated static code analysis for detecting vulnerabilities in PHP applications. RIPS detected a previously unknown vulnerability in the plug-in that handles login over the LDAP protocol.

A remote attacker can extract the LDAP server authentication credentials that were entered during installation. An attacker who uses the intercepted credentials to log in to the administrative panel gains full access to the attacked site. The consequences are difficult to predict.

CVE-2017-14596 affects Joomla! versions 1.5 to 3.7.5 inclusive, but only where LDAP authentication is configured. We recommend updating immediately. The latest version of the Joomla! CMS, 3.8, brings to the core not only the patches that close the attack discovered by RIPS Tech.

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.