[wp-trac] [WordPress Trac] #45318: Security problem: Login Oracle
WordPress Trac
noreply at wordpress.org
Sun Nov 11 20:47:41 UTC 2018
#45318: Security problem: Login Oracle
------------------------------------+------------------------
Reporter: d0rkpress | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Login and Registration | Version:
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
------------------------------------+------------------------
Comment (by d0rkpress):
> Starting to look at usernames as secrets will lead to users,
There's more than a subtle difference between treating user names as
secret or potentially telling every IP address in the internet by a faulty
design to hand out the user name.
And: THIS TICKET IS FIRST ABOUT REMOVING THE ERROR MESSAGE during login.
> For 15 years with WordPress I have thaught users to select a simple
username [..] When logging in, some use a wrong username, but the correct
password. I have thaught them to look at the error message to find which
is wrong.
Then I guess you have done something wrong during the past 15 years. And
you haven't bothered looking at the links I sent nor reading my arguments.
It seems the security mindset of some responding have stopped either in
the early twothousands or I am writing in Chinese. So please excuse me if
I spending my time on something which makes more sense to me.
Unfortunately is seems I cannot delete my account and unfortunately your
IP is in a country which doesn't require this (GDPR does).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45318#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list