Joomla VirtueMart vulnerable due to limited password combinations

A brute-force vulnerability has been found in VirtueMart for Joomla, on the order details page.

Affected products include VirtueMart 3.0.9 for Joomla and prior versions.

Brute force can overcome the weak passwords because the number of possible combinations is limited (1,048,576 in total). If an order number is present, this leads to leakage of information about the order (item, price, name, and other personal information of the customer).
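A defender-side check for the guessing pattern described above, as an added example that is not from the advisory or from VirtueMart: it counts distinct password values tried per client and order number in web access logs, and estimates how quickly a keyspace of this size is exhausted. The query parameter names `order_number` and `order_pass`, the log format, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

KEYSPACE = 1_048_576   # total combinations stated in the advisory (equals 16**5)
THRESHOLD = 3          # distinct guesses per (client, order) before flagging; tune to real traffic

# Constructed sample access-log lines. The parameter names order_number and
# order_pass are assumptions for this example, not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2015:10:00:01 +0000] "GET /index.php?view=orders&order_number=A100&order_pass=p_00000 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2015:10:00:01 +0000] "GET /index.php?view=orders&order_number=A100&order_pass=p_00001 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2015:10:00:02 +0000] "GET /index.php?view=orders&order_number=A100&order_pass=p_00002 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2015:10:00:02 +0000] "GET /index.php?view=orders&order_number=A100&order_pass=p_00003 HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2015:10:05:00 +0000] "GET /index.php?view=orders&order_number=A101&order_pass=p_3fa9c HTTP/1.1" 200 4096
203.0.113.9 - - [01/Jan/2015:10:06:10 +0000] "GET /index.php?view=orders&order_number=A101&order_pass=p_3fa9c HTTP/1.1" 200 4096
203.0.113.9 - - [01/Jan/2015:10:06:30 +0000] "GET /index.php?view=category HTTP/1.1" 200 2048
"""

# Client address and request target from a combined-log style line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def find_enumeration(log_text, threshold=THRESHOLD):
    """Return {(client, order_number): distinct passwords tried} for pairs at or above threshold."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, target = match.groups()
        query = parse_qs(urlsplit(target).query)
        order = query.get("order_number", [None])[0]
        guess = query.get("order_pass", [None])[0]
        if order and guess:
            tried[(client, order)].add(guess)
    # A customer reloading their own order repeats one value; guessing produces many.
    return {key: len(vals) for key, vals in tried.items() if len(vals) >= threshold}


def expected_hours(rate_per_second, keyspace=KEYSPACE):
    """Average hours until a correct guess when the keyspace is walked at a fixed request rate."""
    return keyspace / 2 / rate_per_second / 3600


if __name__ == "__main__":
    for (client, order), count in find_enumeration(SAMPLE_LOG).items():
        print(f"{client} tried {count} distinct passwords for order {order}")
    print(f"unthrottled at 10 req/s: ~{expected_hours(10):.1f} h on average")
```

Grouping by client alone misses guessing spread across many addresses; counting distinct values per order number regardless of client catches that case.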

MustLive, administrator of Websecurity.com.ua, has discovered many vulnerabilities with weak decimal or hexadecimal passwords in various apps and sites since 2007.