[wp-trac] [WordPress Trac] #9568: Allow users to log in using their email address
WordPress Trac
noreply at wordpress.org
Sat Jan 16 12:34:46 UTC 2016
#9568: Allow users to log in using their email address
---------------------------------------------------+-----------------------
Reporter: Denis-de-Bernardy | Owner:
Type: feature request | Status: assigned
Priority: normal | Milestone: 4.5
Component: Users | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests dev-feedback | Focuses:
---------------------------------------------------+-----------------------
Comment (by swissspidy):
> Important consideration: the error message reported when a valid email
address is entered can lead to information disclosure. It allows an
attacker to determine which email addresses are in use on the site. (The
same issue does not apply to usernames as usernames are not considered
private information.)
Absolutely valid point. Perhaps it's time to get rid of the detailed error
message and just show a "Incorrect email or password" message. That would
fix the information disclosure issue. See also #12129.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/9568#comment:84>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list