[wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure

Naema Chowdhry naemab at yahoo.com
Thu May 26 15:33:18 UTC 2011


I am looking at the iPod and does it have wi-fi on it? Because they are touting 
video talking "with your friends"




________________________________
From: Cameron Miller <cameron at grumpyfish.com>
To: wp-testers at lists.automattic.com
Sent: Thu, May 26, 2011 11:32:22 AM
Subject: Re: [wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs 
and User Names Disclosure

That email looked pretty impressive though, huh? Gotta admit that :-)

I kinda agree with you though, Andrew. Probably 80% of the WordPress installs 
out there still have "admin" as the superuser name, so it's not like it's a big 
secret or anything.

Cameron.



On May 27, 2011, at 12:17 AM, Andrew Nacin wrote:

> On Thu, May 26, 2011 at 9:59 AM, Veronica <vero.valeros at gmail.com> wrote:
> 
>> -----------------------------------------------------------------------
>> Talsoft S.R.L. Security Advisory
>> WordPress User IDs and User Names Disclosure
>> -----------------------------------------------------------------------
>> 
>> I. Advisory information
>> Title: WordPress User IDs and User Names Disclosure
>> Advisory Id: TALSOFT-2011-0526
>> Advisory URL:
>>http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
>>e
>> Date published: 2011-05-26
> 
> 
> 
> <snip>
>> 
>>      - WordPress team agreed to release the security advisory.
> 
> 
> Worth sharing here that the WordPress core team is under the opinion that
> username disclosure is not and has never been a security vulnerability.
> There will be no further work in this area.
> 
> Nacin
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers

_______________________________________________
wp-testers mailing list
wp-testers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers


More information about the wp-testers mailing list