[wp-trac] [WordPress Trac] #25428: All administrator, authors, usernames able to be discovered
WordPress Trac
noreply at wordpress.org
Fri Sep 27 22:18:38 UTC 2013
#25428: All administrator, authors, usernames able to be discovered
--------------------------+-----------------------------
Reporter: taipo | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 3.6.1
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
By appending ?author=2 ?author=3 or whatever userid number, an attacker is
able to retrieve the complete list of usernames including the
administrator usernames.
This then gives the attacker an advantage for bruteforcing user password
combinations.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25428>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list