New User blocked my admin login somehow?

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: ... Extensions
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Mon Aug 20, 2007 7:43 pm

New User blocked my admin login somehow?

Post by wes_517 » Mon Dec 03, 2007 2:48 pm

OK, so this morning around 7:30, I received an email from the system saying there's a new user.

strange it wasn't someone I recognized, because the nature of my site, I know all the users personally.

I got scared for a minute when the email that was registered contained a reference to "all your base"

tried logging into my site, and found that I couldn't. started to get a little scared, so jumped into the database, the user was in there (since they registered) but they still had the activation code, and my super admin account is still there and intact.

once I deleted the other account, I was then able to log in again with my account.

looking back, I should have exported the whole thing instead of deleting it, but can anyone shed some light onto this at all?

It doesn't make sense to me that a newly registered user could block out logins, unless they did something that effects other parts of the database in some why, but if they did, why would just deleting that account let me log in again with the same password and all as before?

Is there anything I can give to the Dev's that could show if this was a fluke thing like mistyping my password 7 times or if there is something that someone managed to exploit?

I admit my installation of RC3 is probably about 3 weeks old at this point.


Return to “Security in Joomla! 1.5”