[wp-trac] Re: [WordPress Trac] #3708: wp_login is too "friendly" --
Information disclosure
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 29 23:31:58 GMT 2007
#3708: wp_login is too "friendly" -- Information disclosure
--------------------------------------+-------------------------------------
 Reporter:  charleshooper             |       Owner:  anonymous
     Type:  defect                    |      Status:  closed
 Priority:  low                       |   Milestone:  2.2
Component:  Security                  |     Version:  2.2
 Severity:  trivial                   |  Resolution:  wontfix
 Keywords:  security login has-patch  |
--------------------------------------+-------------------------------------
Changes (by charleshooper):
* status: new => closed
* resolution: => wontfix
Comment:
Good point about the author archives, I hadn't really thought about that.
Guess I was just excited about submitting my first patch for WordPress,
even IF it was only to change some error messages.
But now that I've been reminded that there are many other ways to get
valid WordPress usernames (that are all quite a bit easier than brute
forcing the login) it just doesn't make sense to leave this ticket
hanging.
--
Ticket URL: <http://trac.wordpress.org/ticket/3708#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software