[wp-trac] [WordPress Trac] #12129: Generic login failure message
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 4 21:29:56 UTC 2010
#12129: Generic login failure message
-------------------------+--------------------------------------------------
Reporter: scohoust | Owner: ryan
Type: enhancement | Status: new
Priority: low | Milestone: Unassigned
Component: Security | Version:
Severity: minor | Keywords:
-------------------------+--------------------------------------------------
I'm happy to be told that this is not important but something I felt like
mentioning. Take a common web application and get your password wrong -
very often you'll be told the username/password combination is wrong (and
not specifically your password).
WordPress doesn't do this, instead it will tell simply tell you that the
password is wrong. Helpful perhaps to the user but also a bit of a
security issue?
Patch changes the message to not differentiate between a correct or
incorrect username.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12129>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list