Tuesday, 25 October 2016 16:18

Security Issue? Joomla 3.6.4 /administrator panel background color changed

Be the first to comment!

I noticed that after installing the Joomla 3.6.4 security patch, the background color of the /administrator control panel login screen changed. It seems that with today's release of Joomla 3.6.4, and ease of which the exploit can be executed, it's really bad timing to make it so easy for hackers to see whether or not a site has been patched. This latest Joomla exploit allows for a person to do two things:

create an account for themselves in your Joomla user manager, even if you've turned this option OFF in the settings
when creating that account in step one, they are able to assign it "administrator" rights

Meaning... once they sign in with it, they have full access to your admin panel. I have already reached out to This email address is being protected from spambots. You need JavaScript enabled to view it. about this issue and will report back with any response.

[edit]
Their Response:
The login page was refreshed at 3.5.0, it is also configurable via the admin interface. This alone wouldn't be a giveaway.
Joomla! Security Strike Team
[/edit]

Compounding the issue, the Joomla team revealed this issue four (4) days ago, on October 21. (This gave hackers plenty of time to get ready...)

This could have been be partially mitigated by adding extra protection (at the server level) to the /administrator/ directory. This would typically involve adding an IP-based firewall or an extra password to the directory. If you're interested in having your site examined for potential security issues - whether it is Joomla, Wordpress, Drupal, or another platform - contact us today.

Last modified on Friday, 22 April 2022 13:30

Published in Blog

Tagged under

More in this category: « [SOLVED] Database Collation Issue after Upgrading to Joomla 3.6.4 Solution: Printing Multiple Lines of Text on Quickbooks 2015-2016 Invoice »