[wp-trac] [WordPress Trac] #31787: Password Reset Form Improved Error Messages
WordPress Trac
noreply at wordpress.org
Fri Mar 27 17:39:05 UTC 2015
#31787: Password Reset Form Improved Error Messages
-------------------------------------+------------------------
Reporter: mrtortai | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Login and Registration | Version: trunk
Severity: normal | Resolution: duplicate
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------
Comment (by voldemortensen):
For the sake of argument, let's say we change the error message to say
something else. It would take any decent bot an extremely negligible
amount of time to determine the username from either the URLs as @mark
mentioned or the use of an enumeration tool, or any of the other ways
usernames are available. I do think that security through obscurity is
helpful in some areas, but this change wouldn't slow down anyone with
malicious intent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31787#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform