Joomla! is a popular open-source content management system (CMS). On September 20, 2017, security researchers at RIPS disclosed an LDAP injection vulnerability in the Joomla! login controller. The vulnerability may allow a remote attacker to obtain the superuser password using a blind injection technique. If LDAP authentication is configured on a Joomla! 3.7.5 website, an attacker can obtain the superuser password in as little as 20 seconds.
See the following for more information about the vulnerability.
Joomla! LDAP injection vulnerability
The vulnerability in the login page allows a remote attacker to extract all authentication credentials from the LDAP server that Joomla! uses, including the user names and passwords of the superuser and the Joomla! administrators. With these credentials the attacker can log in to the administrator control panel, upload a custom Joomla! extension to achieve remote code execution, and take over the Joomla! installation and potentially the underlying web server.
Condition and method of exploitation
The vulnerability is remotely exploitable when LDAP authentication is configured in Joomla!.
Unaffected version: Joomla! 3.8.0
Check whether LDAP authentication is enabled and whether an affected version of Joomla! is in use.
How to fix or mitigate
We recommend upgrading Joomla! to the latest official release, 3.8.0.
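The following Python example is added here to illustrate the root cause behind this class of bug and the two checks above; it is not Joomla!'s code and does not reproduce the Joomla! login controller. It contrasts an LDAP login filter built by concatenating the submitted user name (the vulnerable pattern) with one built from values escaped per RFC 4515 (the fixed pattern), adds a small helper that flags login attempts carrying unescaped filter metacharacters, and compares a version string against the unaffected release 3.8.0 named on this page. The attribute name `uid`, the filter shape and the sample user names are assumptions chosen for the example.

```python
# Added example, not Joomla! project code. Demonstrates why unescaped user input
# in an LDAP search filter is an injection, and how RFC 4515 escaping prevents it.
# The attribute name "uid", the filter shape and all sample inputs are constructed.

# Characters with special meaning inside an LDAP filter assertion value (RFC 4515,
# section 3). Each is replaced by a backslash followed by its two-digit hex code.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can be embedded in an LDAP filter as literal data."""
    # Mapping character by character guarantees the backslash is escaped exactly
    # once and never re-processed (a common mistake with chained str.replace()).
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: the submitted name is spliced into the filter verbatim,
    so metacharacters in it change the structure of the query sent to the server."""
    return f"(uid={username})"


def build_login_filter_safe(username: str) -> str:
    """Hardened pattern: every user-controlled value is escaped before splicing,
    so the server only ever sees it as a literal string to compare against."""
    return f"(uid={escape_filter_value(username)})"


def has_unescaped_metachars(username: str) -> bool:
    """Detection helper for login logs: True when a submitted user name contains
    LDAP filter metacharacters, which no legitimate account name should."""
    return any(ch in username for ch in _FILTER_ESCAPES)


def is_affected_version(version: str, fixed: str = "3.8.0") -> bool:
    """True when a dotted Joomla! version string is older than the fixed release.
    Only the unaffected version 3.8.0 is stated in the advisory; anything below
    it is treated as needing review."""
    parse = lambda v: tuple(int(part) for part in v.split("."))
    return parse(version) < parse(fixed)


if __name__ == "__main__":
    # Constructed inputs: a normal name and one carrying filter metacharacters.
    for name in ("alice", "al*ce)"):
        print(f"input      : {name!r}")
        print(f"  unsafe   : {build_login_filter_unsafe(name)}")
        print(f"  escaped  : {build_login_filter_safe(name)}")
        print(f"  suspicious: {has_unescaped_metachars(name)}")
    for v in ("3.7.5", "3.8.0"):
        print(f"Joomla! {v} needs upgrade: {is_affected_version(v)}")
```

Run stand-alone, the script shows that the unsafe builder turns `al*ce)` into `(uid=al*ce))`, a filter whose structure the caller never intended, while the escaped builder produces `(uid=al\2ace\29)`, which the server treats as a plain string. The `has_unescaped_metachars` check is the kind of rule a web application firewall or authentication log monitor can apply to login requests while an upgrade to 3.8.0 is being scheduled.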