[wp-hackers] Maybe a secure-hole

Frank Bueltge frank at bueltge.de
Thu Oct 9 06:55:04 GMT 2008


When you include a link to the authro and activate the permalink, then
you became a link to the login-name of the author.
This is a secure-hole. Hackers use this login-namer and searc h for
the password.

examble:
<a href="http://localhost/wpbeta/author/admin/" title="Posts by Frank
Bueltge">Frank Bueltge</a>

Link to:
http://localhost/wpbeta/author/admin/

admin is the login-name and the author had set the name in the Blog on
your namen and surename.

maybe it is possible to cahnge this in 2.7?

* Sorry for my bad english, i hope your understand me.
Best wishes


More information about the wp-hackers mailing list