[wp-trac] [WordPress Trac] #3708: wp_login is too "friendly" --
Information disclosure
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 29 09:07:23 GMT 2007
#3708: wp_login is too "friendly" -- Information disclosure
---------------------------+------------------------------------------------
 Reporter:  charleshooper  |       Owner:  anonymous
     Type:  defect         |      Status:  new
 Priority:  low            |   Milestone:  2.3
Component:  Security       |     Version:
 Severity:  trivial        |    Keywords:  security login error
---------------------------+------------------------------------------------
While it's not exactly the end of the world, if you attempt to log in with
an invalid username the error message returned is actually "Invalid
username." Obviously it works as intended; however, I consider this
information disclosure and feel that invalid usernames and passwords
should both return the same error message.
--
Ticket URL: <http://trac.wordpress.org/ticket/3708>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
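
The behaviour reported above next to the uniform-error form the reporter asks for, as an added example that is not part of the original ticket and is not WordPress code. The user store, the function names, the dummy hash and the "Incorrect password." string are assumptions; the dummy-hash verification goes one step beyond the ticket so that an unknown username also costs the same work as a wrong password.

```php
<?php
// Added example: constructed in-memory user store, not WordPress's wp_login().
// $USERS, $DUMMY_HASH and the check_login_* functions are hypothetical names.

$USERS = [
    'admin' => password_hash('correct horse', PASSWORD_DEFAULT), // constructed sample account
];

// Hash of a random throwaway value. It is verified against when the username
// is unknown, so both failure paths perform one password_verify() call.
$DUMMY_HASH = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

// Behaviour described in the ticket: the message reveals whether the
// username exists. "Incorrect password." is an assumed second message.
function check_login_verbose(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'Invalid username.';
    }
    if (!password_verify($pass, $users[$user])) {
        return 'Incorrect password.';
    }
    return 'OK';
}

// Requested behaviour: one message for both kinds of failure.
function check_login_uniform(array $users, string $dummyHash, string $user, string $pass): string
{
    $known = isset($users[$user]);
    $hash  = $known ? $users[$user] : $dummyHash;
    $match = password_verify($pass, $hash); // always runs, known user or not
    if ($known && $match) {
        return 'OK';
    }
    return 'Invalid username or password.';
}

// Constructed attempts: unknown user, wrong password, valid login.
$attempts = [['nosuchuser', 'x'], ['admin', 'wrong'], ['admin', 'correct horse']];
foreach ($attempts as [$u, $p]) {
    printf("%-12s verbose: %-20s uniform: %s\n", $u,
        check_login_verbose($USERS, $u, $p),
        check_login_uniform($USERS, $DUMMY_HASH, $u, $p));
}
```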