[wp-trac] [WordPress Trac] #13866: No dupe-checking on wp_users.display_name field allows impersonation attack, edge case privilege escalation venerability

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 17 00:58:02 UTC 2010


#13866: No dupe-checking on wp_users.display_name field allows impersonation
attack, edge case privilege escalation venerability
--------------------------+-------------------------------------------------
 Reporter:  foxly         |       Owner:                                          
     Type:  defect (bug)  |      Status:  new                                     
 Priority:  high          |   Milestone:  Unassigned                              
Component:  Users         |     Version:  2.9.2                                   
 Severity:  major         |    Keywords:  security exploit, spoofing, display_name
--------------------------+-------------------------------------------------

Comment(by nacin):

 > In the WordPress core, do not let the function that sets display_name
 change its value to one which matches the user_login or display_name of
 another user on the system.

 I strongly disagree with that, nor does it scale well. You can easily
 write a plugin that does this, or simply rejects "Admin."

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13866#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list