Joomla VirtueMart vulnerable due to limited password combinations

News by Danielle Correa

A brute force vulnerability has been found in VirtueMart for Joomla, on the order details page.

Affected products include VirtueMart 3.0.9 for Joomla and prior versions.

Brute force can overcome the weak passwords because they have only a limited number of combinations (1,048,576 in total). If an order number is present, this leads to leakage of information about the order (item, price, name, and other personal information of the customer).

MustLive, administrator of, has discovered many vulnerabilities with weak decimal or hexadecimal passwords in various apps and sites since 2007. Read about the findings here.
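With so few combinations, the defender's signal is one order number being requested with many different passwords in a short time. The Python sketch below is an added example, not code from the article or from VirtueMart; the log format, the parameter names `order_number` and `order_pass`, the threshold and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

WINDOW = timedelta(minutes=5)
MAX_DISTINCT = 3  # assumed threshold: a real customer presents one password per order

# Constructed log lines. Parameter names order_number/order_pass and all values
# are assumptions for this example, not taken from the article.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:00:01 +0000] "GET /shop?order_number=ORD-1001&order_pass=00000 HTTP/1.1" 200 900
198.51.100.7 - - [12/Mar/2015:10:00:02 +0000] "GET /shop?order_number=ORD-1001&order_pass=00001 HTTP/1.1" 200 900
198.51.100.9 - - [12/Mar/2015:10:00:03 +0000] "GET /shop?order_number=ORD-1001&order_pass=00002 HTTP/1.1" 200 900
198.51.100.7 - - [12/Mar/2015:10:00:04 +0000] "GET /shop?order_number=ORD-1001&order_pass=00003 HTTP/1.1" 200 900
203.0.113.20 - - [12/Mar/2015:10:01:00 +0000] "GET /shop?order_number=ORD-2002&order_pass=a3f9c HTTP/1.1" 200 4100
203.0.113.20 - - [12/Mar/2015:10:03:00 +0000] "GET /shop?order_number=ORD-2002&order_pass=a3f9c HTTP/1.1" 200 4100
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) [^"]*" \d{3}')

def parse(line):
    """Return (ip, time, order_number, order_pass) or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp, url = m.groups()
    query = parse_qs(urlsplit(url).query)
    if "order_number" not in query or "order_pass" not in query:
        return None
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, query["order_number"][0], query["order_pass"][0]

def find_guessing(log_text):
    """Map order number -> (distinct passwords tried within WINDOW, client IPs)."""
    by_order = defaultdict(list)
    for ip, when, order, password in filter(None, map(parse, log_text.splitlines())):
        by_order[order].append((when, password, ip))
    flagged = {}
    for order, hits in by_order.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most WINDOW.
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            window = hits[start:end + 1]
            distinct = len({pw for _, pw, _ in window})
            if distinct > MAX_DISTINCT and distinct > flagged.get(order, (0,))[0]:
                flagged[order] = (distinct, sorted({ip for _, _, ip in window}))
    return flagged
```

Counting per order number rather than per client address keeps the check effective when the guesses arrive from several addresses, as in the constructed sample.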
