[wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
Naema Chowdhry
naemab at yahoo.com
Thu May 26 15:41:52 UTC 2011
sorry...I clicked 'reply' to the wrong message :)
________________________________
From: Naema Chowdhry <naemab at yahoo.com>
To: wp-testers at lists.automattic.com
Sent: Thu, May 26, 2011 11:33:18 AM
Subject: Re: [wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs
and User Names Disclosure
I am looking at the iPod and does it have wi-fi on it? Because they are touting
video talking "with your friends"
________________________________
From: Cameron Miller <cameron at grumpyfish.com>
To: wp-testers at lists.automattic.com
Sent: Thu, May 26, 2011 11:32:22 AM
Subject: Re: [wp-testers] Talsoft S.R.L. Security Advisory - WordPress User IDs
and User Names Disclosure
That email looked pretty impressive though, huh? Gotta admit that :-)
I kinda agree with you though, Andrew. Probably 80% of the WordPress installs
out there still have "admin" as the superuser name, so it's not like it's a big
secret or anything.
Cameron.
On May 27, 2011, at 12:17 AM, Andrew Nacin wrote:
> On Thu, May 26, 2011 at 9:59 AM, Veronica <vero.valeros at gmail.com> wrote:
>
>> -----------------------------------------------------------------------
>> Talsoft S.R.L. Security Advisory
>> WordPress User IDs and User Names Disclosure
>> -----------------------------------------------------------------------
>>
>> I. Advisory information
>> Title: WordPress User IDs and User Names Disclosure
>> Advisory Id: TALSOFT-2011-0526
>> Advisory URL:
>>http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
>>
>>e
>> Date published: 2011-05-26
>
>
>
> <snip>
>>
>> - WordPress team agreed to release the security advisory.
>
>
> Worth sharing here that the WordPress core team is under the opinion that
> username disclosure is not and has never been a security vulnerability.
> There will be no further work in this area.
>
> Nacin
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
_______________________________________________
wp-testers mailing list
wp-testers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-testers
More information about the wp-testers
mailing list