[wp-trac] [WordPress Trac] #44935: Automated test's suggesting /wp-login.php?action=lostpassword can be used for compromizing site
WordPress Trac
noreply at wordpress.org
Wed Sep 12 14:07:21 UTC 2018
#44935: Automated test's suggesting /wp-login.php?action=lostpassword can be used
for compromizing site
------------------------------------+----------------------
 Reporter:  wzislam                 |       Owner:  (none)
     Type:  defect (bug)            |      Status:  closed
 Priority:  normal                  |   Milestone:
Component:  Login and Registration  |     Version:  4.9.8
 Severity:  normal                  |  Resolution:  invalid
 Keywords:                          |     Focuses:
------------------------------------+----------------------
Changes (by swissspidy):
* status: new => closed
* severity: major => normal
* component: Security => Login and Registration
* milestone: Awaiting Review =>
* keywords: needs-testing =>
* resolution: => invalid
Comment:

Hi there!

When creating a ticket, there was a big warning saying "Do not report
potential security vulnerabilities here.".

Next time when you create a ticket that's about security, please think
twice whether it's a potential security vulnerability and report it
responsibly at https://hackerone.com/wordpress.

Ideally, you manually verify the result of your automated scanner, because
in this case, this is a false positive and no real path disclosure issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44935#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform