Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
http://www.openwall.com/lists/oss-security/2012/08/27/6
http://www.openwall.com/lists/oss-security/2012/03/29/5
http://developer.joomla.org/security/news/396-20120305-core-password-change.html