Joomla! • View topic - Vulnerabilities

Joomla!®
Welcome to Joomla!

Joomla! is an award-winning open source CMS for building powerful websites.

Recent Joomla! News
Support Joomla!
- Shop Joomla! Gear
- Contribution
About
What Is Joomla?

Joomla is an award-winning content management system (CMS), which enables you to build Web sites and powerful online applications.
Read more...

Joomla! for Business

Joomla! is a extremely customizable and adaptable for Enterprise, SMBs, NPOs and beyond. Read more...

Joomla! for Developers

No matter what level of experience you hold, Joomla! has strengths to match; programmers, designers and end users alike!Read more...

Learn more about Joomla!
- The Software
- The Project
- The Leadership
- Open Source Matters
Community & Support
Connect!
Support!
Read!
Get involved with Joomla!

Joomla is an open source project and contributions from the community are essential to its growth and success. Anyone can contribute on any level, even newcomers can contribute to Joomla. Read more...
Extend
Directories
Developers
Download
Download Joomla! 2.5
- 2.5 Full Package
- Update Packages
- Demo Joomla! 2.5
Download Joomla! 3.1
- 3.1 Full Package
- Update Packages
- Demo Joomla! 3.1
Getting Started with Joomla!
Internationalization
Internationalization

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Vulnerabilities

Moderators: lafrance, mandville, General Support Moderators

Page 1 of 1

[ 3 posts ]

Print view

Previous topic | Next topic

Author

Message

tatemuin

Post subject: Vulnerabilities

Posted: Wed Aug 31, 2011 6:48 am

Joomla! Fledgling

Joined: Wed May 27, 2009 11:21 am
Posts: 3

a)seemes that user credentials are sent to /administrator/index.php in clear text and
b)from administrators PC because Password type input named pass from form named loginForm with action index.php has auto-complete enabled). My Question is how secure is this interface as far as hacking is concerned and if not what can be my solution to it.

Top

dylanjh

Post subject: Re: Vulnerabilities

Posted: Wed Aug 31, 2011 10:04 am

Joomla! Ace

Joined: Fri Sep 22, 2006 6:22 pm
Posts: 1695
Location: UK

a) Yes it will be unless you make the admin interface use ssl, there are a number of extensions in the JED that will do this.
b)I dont fully understand this, but I presume you are referring to the autocomplete feature most browsers have to make logging in easier. The only option is to disable this functionality in the browsers settings.

As far as securing the admin area, I normally use .htaccess to prevent anyone but my ip from accessing the administrator folder. You will need a static public IP for this however

_________________
EmailAsUsername - Remove Usernames Joomla! registration http://www.lunarhotel.co.uk
Many other extensions supported.
RsJoomla! RsForms RsMembership http://www.lunarhotel.co.uk/rsjoomla.php

Top

tatemuin

Post subject: Re: Vulnerabilities

Posted: Thu Sep 01, 2011 7:09 am

Joomla! Fledgling

Joined: Wed May 27, 2009 11:21 am
Posts: 3

Thank you on the first part on the user credentials i hope i will try to make head n tails out of your reply, to use SSL. i will need to rephrase on the other part (b).

Top

Page 1 of 1

[ 3 posts ]

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Welcome to Joomla!

Recent Joomla! News

Support Joomla!

What Is Joomla?

Joomla! for Business

Joomla! for Developers

Learn more about Joomla!

Connect!

Support!

Read!

Get involved with Joomla!

Directories

Developers

Download Joomla! 2.5

Download Joomla! 3.1

Getting Started with Joomla!

Internationalization

The Joomla! Forum ™

Vulnerabilities

Who is online