[wp-trac] [WordPress Trac] #31787: Password Reset Form Improved Error Messages

WordPress Trac noreply at wordpress.org
Fri Mar 27 17:01:00 UTC 2015


#31787: Password Reset Form Improved Error Messages
-------------------------------------+------------------------
 Reporter:  mrtortai                 |       Owner:
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Login and Registration   |     Version:  trunk
 Severity:  normal                   |  Resolution:  duplicate
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------

Comment (by jorbin):

 Thanks for the report, mrtortai.  As is pointed out above, this is by
 design.  We need to balance user friendliness with information disclosure,
 and as usernames are not considered private information (the article on
 halfelf.org linked above does a decent job of explaining this), user
 friendliness wins here.

 In the future, if you have what you would consider a security issue, I
 would encourage you to first email security at wordpress.org before creating
 a trac ticket.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31787#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

