[wp-trac] [WordPress Trac] #11959: Value Truncation Still Unchecked in registration.php
WordPress Trac
noreply at wordpress.org
Wed Mar 13 07:58:42 UTC 2019
#11959: Value Truncation Still Unchecked in registration.php
---------------------------------------+-------------------------
Reporter: miqrogroove | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Users | Version:
Severity: normal | Resolution: worksforme
Keywords: needs-patch bulk-reopened | Focuses:
---------------------------------------+-------------------------
Changes (by noisysocks):
* keywords: needs-patch, bulk-reopened => needs-patch bulk-reopened
* status: reopened => closed
* resolution: => worksforme
* milestone: Awaiting Review =>
Comment:
Functions such as username_exists() fail to perform sanity checks against
the storage schema. As a result, it is possible to register multiple
users with the same username, if the length is greater than or equal to
the username field size. Only the first user can log in; however, anyone
re-registering that username can impersonate the first user to reset their
password.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/11959#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
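
The missing check described in the comment above, sketched as an added example (not WordPress core code and not part of the ticket). It contrasts a uniqueness lookup on the submitted value with one that first rejects values the column cannot hold intact. The function names, the in-memory table and the column width of 60 are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress core code. All names are hypothetical.
const LOGIN_COLUMN_WIDTH = 60; // assumed width of the username column

// Constructed stand-in for a users table whose column silently truncates
// over-long values. Sample input is ASCII, so bytes equal characters.
function store_login(array &$table, string $login): int
{
    $id = count($table) + 1;
    $table[$id] = substr($login, 0, LOGIN_COLUMN_WIDTH);
    return $id;
}

// Unchecked lookup: compares the submitted value, not what would be stored.
function login_exists_unchecked(array $table, string $login): bool
{
    return in_array($login, $table, true);
}

// Schema-aware validation: refuse values the column cannot hold intact,
// then run the uniqueness check on a value known to round-trip.
function validate_login(array $table, string $login): ?string
{
    if ($login === '' || strlen($login) > LOGIN_COLUMN_WIDTH) {
        return 'invalid_length';
    }
    return login_exists_unchecked($table, $login) ? 'exists' : null;
}

$table  = [];
$first  = str_repeat('a', LOGIN_COLUMN_WIDTH);   // exactly fills the column
$second = $first . 'b';                          // one character too long
store_login($table, $first);

// Unchecked path: lookup misses, insert truncates, two rows share a login.
if (!login_exists_unchecked($table, $second)) {
    store_login($table, $second);
}
$duplicates = count($table) - count(array_unique($table));
echo "duplicate logins after unchecked path: $duplicates\n";

// Checked path: the over-long value is rejected before any insert.
echo "validate_login(second): " . (validate_login($table, $second) ?? 'ok') . "\n";
echo "validate_login(first):  " . (validate_login($table, $first) ?? 'ok') . "\n";
```

A unique index on the username column is the complementary storage-side control, since it makes the second insert fail even if an application-level check is bypassed.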