[wp-trac] [WordPress Trac] #31787: Password Reset Form Improved Error Messages

WordPress Trac noreply at wordpress.org
Fri Mar 27 17:39:05 UTC 2015


#31787: Password Reset Form Improved Error Messages
-------------------------------------+------------------------
 Reporter:  mrtortai                 |       Owner:
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Login and Registration   |     Version:  trunk
 Severity:  normal                   |  Resolution:  duplicate
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------

Comment (by voldemortensen):

 For the sake of argument, let's say we change the error message to say
 something else. It would take any decent bot an extremely negligible
 amount of time to determine username from either the URLs as @mark
 mentioned or the use of an enumeration tool, or any of the other ways
 usernames are available. I do think that security through obscurity is
 helpful in some areas, but this change wouldn't slow down anyone with
 malicious intent.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31787#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

