Tuesday, 25 October 2016 16:18

Security Issue? Joomla 3.6.4 /administrator panel background color changed

I noticed that after installing the Joomla 3.6.4 security patch, the background color of the /administrator control panel login screen changed.  It seems that with today's release of Joomla 3.6.4, and ease of which the exploit can be executed, it's really bad timing to make it so easy for hackers to see whether or not a site has been patched.  This latest Joomla exploit allows for a person to do two things:

  1. create an account for themselves in your Joomla user manager, even if you've turned this option OFF in the settings
  2. when creating that account in step one, they are able to assign it "administrator" rights

Meaning... once they sign in with it, they have full access to your admin panel.  I have already reached out to This email address is being protected from spambots. You need JavaScript enabled to view it. about this issue and will report back with any response.

[edit]
Their Response:
The login page was refreshed at 3.5.0, it is also configurable via the admin interface.  This alone wouldn't be a giveaway.
Joomla! Security Strike Team
[/edit]

Compounding the issue, the Joomla team revealed this issue four (4) days ago, on October 21.  (This gave hackers plenty of time to get ready...)

This could have been be partially mitigated by adding extra protection (at the server level) to the /administrator/ directory.  This would typically involve adding an IP-based firewall or an extra password to the directory.  If you're interested in having your site examined for potential security issues - whether it is Joomla, Wordpress, Drupal, or another platform - contact us today.

Last modified on Friday, 22 April 2022 13:30
Comments (0)
There are no comments posted here yet
Leave your comments
Posting as Guest
×
Suggested Locations

Call or email today for a free consultation:

Monday - Friday 9-5 ET
570.508.6881
office@covingtoncreations.com

Latest Comments

Got a similar email that seemed suspicious. Ignored it and they even followed up today.
My organization received one of these emails from "Linda," but uses https://www.bestprosintown.com/p...
Hi Nate, I got the same email template from the same email address today and found you through a ...
Just received one today (16 Aug 2022) from "Mailchimp". Thanks for sharing!
Thanks for posting this. I just got one today. I was 99% sure it was a scam, and your post confirmed...


Design & Development

Wordpress, Drupal, Joomla
New custom websites
Bespoke themes and extensions
Redesigns, upgrades, migrations

Web Design & Development


Optimization & SEO

Let us optimize and manage your overall online presence. We offer full service monthly SEO as well as one-time projects.  

Optimization Plans & Pricing


Maintenance, Patching

White glove monthly backups, security updates, maintenance and testing for your Wordpress, Drupal, or Joomla site.

Maintenance Plans & Pricing


Email Newsletter

Bring your web & marketing performance to the next level: monthly blog post roundup via email.  

Stay in Touch!

Member

scranton chamber crop