[wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
Cameron Miller
cameron at grumpyfish.com
Thu May 26 15:32:22 UTC 2011
That email looked pretty impressive though, huh? Gotta admit that :-)
I kinda agree with you though, Andrew. Probably 80% of the WordPress installs out there still have "admin" as the superuser name, so it's not like it's a big secret or anything.
Cameron.
On May 27, 2011, at 12:17 AM, Andrew Nacin wrote:
> On Thu, May 26, 2011 at 9:59 AM, Veronica <vero.valeros at gmail.com> wrote:
>
>> -----------------------------------------------------------------------
>> Talsoft S.R.L. Security Advisory
>> WordPress User IDs and User Names Disclosure
>> -----------------------------------------------------------------------
>>
>> I. Advisory information
>> Title: WordPress User IDs and User Names Disclosure
>> Advisory Id: TALSOFT-2011-0526
>> Advisory URL:
>> http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
>> Date published: 2011-05-26
>
>
>
> <snip>
>>
>> - WordPress team agreed to release the security advisory.
>
>
> Worth sharing here that the WordPress core team is under the opinion that
> username disclosure is not and has never been a security vulnerability.
> There will be no further work in this area.
>
> Nacin
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
More information about the wp-testers
mailing list