[wp-hackers] Re: WordPress can "leak" if a username is valid
sunburntkamel at gmail.com
Mon Feb 18 22:12:47 GMT 2008
That's terribly inaccurate. most fantastico installations will force
users to choose a different username at setup.
On Feb 18, 3:01 pm, "Will Brown" <will.h.br... at gmail.com> wrote:
> I have to say I agree with Otto. Every attacker already knows a username
> they can bruteforce with: "admin". Every single Wordpress installation has
> the admin user unless someone's gone in and changed the database, so an
> attacker doesn't need to use this method to gain a hack-able account.
> If we're really worried about the security of usernames and being able to
> guess them, then we should do away with a default, unchangable administrator
> username, instead of an indication that a username exists.
> wp-hackers mailing list
> wp-hack... at lists.automattic.comhttp://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers