CVE-2012-1598
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
Date published : 2012-12-03
http://developer.joomla.org/security/news/396-20120305-core-password-change.html