Joomla! 1.6/1.7/2.5 privilege escalation vulnerability
Description
A privilege escalation vulnerability exists in Joomla! versions 1.6.x, 1.7.x, and 2.5.0 through 2.5.2 that allows unauthenticated attackers to register user accounts with elevated privileges. During the registration process, attackers can manipulate user group assignments to gain membership in any group that does not have 'core.admin' privileges, including the 'Administrator' group. This bypasses the intended access control mechanisms and grants unauthorized administrative access to the application.
Remediation
Take the following immediate actions to remediate this vulnerability:
1. Upgrade Immediately: Migrate to Joomla! version 2.5.3 or later as soon as possible. Versions 1.6.x and 1.7.x have reached end-of-life and will not receive security patches.
2. Audit Existing Accounts: Review all user accounts created during the vulnerable period and verify their group memberships. Remove or demote any suspicious accounts with elevated privileges.
3. Check for Compromise: Examine template files and installed extensions for unauthorized modifications or malicious code. Pay special attention to PHP files in the /templates/ and /administrator/templates/ directories.
4. Disable Registration (Temporary): If immediate upgrade is not possible, disable user registration in the Joomla! configuration until the system can be upgraded.
5. Monitor Logs: Review administrator access logs for unauthorized login attempts or suspicious administrative activities.
Note: Joomla! versions 1.0.x and 1.5.x are not affected by this vulnerability but may have other security issues and should also be upgraded to currently supported versions.