[wp-trac] [WordPress Trac] #46675: Just found a url hack that will disclose admin log in user name

WordPress Trac noreply at wordpress.org
Wed Mar 27 17:05:09 UTC 2019


#46675: Just found a url hack that will disclose admin log in user name
---------------------------+----------------------
 Reporter:  jeremiah01292  |       Owner:  (none)
     Type:  defect (bug)   |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Security       |     Version:
 Severity:  normal         |  Resolution:  invalid
 Keywords:                 |     Focuses:  privacy
---------------------------+----------------------
Changes (by johnbillion):

 * status:  new => closed
 * resolution:   => invalid
 * focuses:  privacy, coding-standards => privacy
 * component:  General => Security
 * milestone:  Awaiting Review =>


Comment:

 @jeremiah01292 Thank you for your interest in keeping WordPress users
 secure, but there are two prominent messages relating to security
 vulnerability disclosures that you need to ignore in order to submit a
 ticket here. Did you honestly see neither of them?

 [[Image(https://i.imgur.com/y0Fxm7I.png)]]

 [[Image(https://i.imgur.com/9ADQbxE.png)]]

 Clicking through to the security program details why usernames are
 considered public information. You can read about that here:
 https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46675#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

