[wp-trac] Re: [WordPress Trac] #5301: WordPress can "leak" if a
username is valid
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 1 05:55:09 GMT 2007
#5301: WordPress can "leak" if a username is valid
----------------------------+-----------------------------------------------
Reporter: Viper007Bond | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: Administration | Version: 2.3.1
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+-----------------------------------------------
Comment (by Viper007Bond):
Son of a... I knew I shoulda searched. That's what I get for being lazy.
As mentioned in #3708, a username can still be found via alternate methods
in some cases.
But yeah, it doesn't stop things in the end, but why provide a username
validator when we don't have to? This patch obviously won't stop a
determined hacker, but just may make their life slightly harder in some
cases.
--
Ticket URL: <http://trac.wordpress.org/ticket/5301#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list