Akeeba, an extension for content management systems that lets users back up their work, fixed an outstanding issue this week that could have let anyone download users' site backups, passwords and user lists. The open-source backup extension for CMS platforms such as WordPress and Joomla has been downloaded over eight million times. An attacker would have to brute force a payload one character at a time to converse with the API like a legitimate user. Once they started a back and forth, though, an attacker would be able to bypass the AES crypto defenses Joomla has in place and gain access to any backups created.
Source: https://threatpost.com/akeeba-patches-bypass-vulnerability-in-joomla/107883/

