[wp-trac] [WordPress Trac] #3708: wp_login is too "friendly" -- Information disclosure

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 29 09:07:23 GMT 2007


#3708: wp_login is too "friendly" -- Information disclosure
---------------------------+------------------------------------------------
 Reporter:  charleshooper  |       Owner:  anonymous           
     Type:  defect         |      Status:  new                 
 Priority:  low            |   Milestone:  2.3                 
Component:  Security       |     Version:                      
 Severity:  trivial        |    Keywords:  security login error
---------------------------+------------------------------------------------
 While it's not exactly the end of the world, if you attempt to log in with
 an invalid username the error message returned is actually "Invalid
 username." Obviously it works as intended; however, I consider this
 information disclosure and feel that invalid usernames and passwords
 should both return the same error message.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3708>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
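
The behaviour the ticket describes next to the uniform-error behaviour it asks for, as an added PHP example that is not WordPress code and not part of the original report. The function names, the sample user store and every message other than "Invalid username." are assumptions; the example also goes one step beyond the ticket by verifying against a dummy hash for unknown users, so both failure paths do the same work.

```php
<?php
// Added illustration; not WordPress code. All names here are hypothetical.

// Constructed user store: username => password hash.
$users = ['admin' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Behaviour the ticket describes: the error reveals whether the account exists.
function login_friendly(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'Invalid username.';
    }
    if (!password_verify($pass, $users[$user])) {
        return 'Incorrect password.'; // constructed wording
    }
    return 'OK';
}

// Behaviour the ticket asks for: one message for both failure cases.
function login_uniform(array $users, string $user, string $pass): string
{
    // For an unknown user, verify against a dummy hash so that both
    // failure paths perform one password_verify() call.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);

    return ($known && $ok) ? 'OK' : 'Invalid username or password.';
}

// Constructed attempts: wrong password, unknown user, valid login.
$attempts = [['admin', 'wrong'], ['nobody', 'wrong'], ['admin', 'correct horse']];
foreach ($attempts as [$u, $p]) {
    printf(
        "%-8s friendly: %-20s uniform: %s\n",
        $u,
        login_friendly($users, $u, $p),
        login_uniform($users, $u, $p)
    );
}
```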

