[wp-trac] [WordPress Trac] #31787: Password Reset Form Improved Error Messages
WordPress Trac
noreply at wordpress.org
Fri Mar 27 17:01:00 UTC 2015
#31787: Password Reset Form Improved Error Messages
-------------------------------------+------------------------
 Reporter:  mrtortai                 |       Owner:
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Login and Registration   |     Version:  trunk
 Severity:  normal                   |  Resolution:  duplicate
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------
Comment (by jorbin):
Thanks for the report mrtortai. As is pointed out above, this is by
design. We need to balance user friendliness with information disclosure
and as usernames are not considered private information (the article on
halfelf.org linked above does a decent job of explaining this), user
friendliness wins here.

In the future, if you have what you would consider a security issue, I
would encourage you to first email security at wordpress.org before creating
a trac ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31787#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform