The Joomla team have released Joomla 1.5.26 and associated patch files. It is highly recommended that you upgrade all Joomla 1.5x websites as this patch includes a high severity password reset vulnerability and a low priority information disclosure issue.
details here
http://www.joomla.org/announcements/release-news/5419-joomla-1526-released.html
and here
http://developer.joomla.org/security/news/9-security/10-core-security/396-20120305-core-password-change