[wp-trac] [WordPress Trac] #24647: WordPress login page falls into HTTP 406 Not Acceptable error after a few clicks (was: Wordpress login page falls into HTTP 406 Not Acceptable error after a few clicks)
WordPress Trac
noreply at wordpress.org
Wed Jun 26 17:14:00 UTC 2013
#24647: WordPress login page falls into HTTP 406 Not Acceptable error after a few
clicks
--------------------------+------------------------------
 Reporter:  Ricardo2013   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.5.2
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |
--------------------------+------------------------------
Description changed by SergeyBiryukov:
Old description:
> At first I thought this was just my own site, but then I tested a dummy
> site within the same web hosting account and finally a random wordpress
> site on the web.
>
> This problem is very easy to reproduce. Simply go to wp-login.php and
> instead of logging in, click on the register link or on the "Lost your
> password?" link and then quickly press the back button to return to the
> login page. Repeat going to the register or lost password pages and
> returning to the login page several times, until you get the
>
> HTTP 406 Not Acceptable error
>
> This cripples the login mechanism for a few minutes at least. Excellent
> for a denial of service attack using only one computer.
New description:
At first I thought this was just my own site, but then I tested a dummy
site within the same web hosting account and finally a random !WordPress
site on the web.

This problem is very easy to reproduce. Simply go to wp-login.php and
instead of logging in, click on the register link or on the "Lost your
password?" link and then quickly press the back button to return to the
login page. Repeat going to the register or lost password pages and
returning to the login page several times, until you get the

HTTP 406 Not Acceptable error

This cripples the login mechanism for a few minutes at least. Excellent
for a denial of service attack using only one computer.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24647#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software