[wp-trac] [WordPress Trac] #5301: WordPress can "leak" if a username is valid
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 1 05:16:56 GMT 2007
#5301: WordPress can "leak" if a username is valid
----------------------------+-----------------------------------------------
 Reporter:  Viper007Bond    |       Owner:  anonymous
     Type:  defect          |      Status:  new
 Priority:  normal          |   Milestone:  2.3.2
Component:  Administration  |     Version:  2.3
 Severity:  normal          |    Keywords:  has-patch
----------------------------+-----------------------------------------------
When you enter a valid username but an invalid password, WordPress lets
you know the username is valid by complaining that only the password is
invalid.

Attached patch combines the two error messages so that if either the
username or the password is wrong, it says the same error message which
gives less away.

Makes it harder for a hacker to gain access to a blog.

--
Ticket URL: <http://trac.wordpress.org/ticket/5301>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
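
The two behaviours the ticket contrasts, as an added example that is not part of the ticket, its attached patch, or WordPress itself. The user store, function names and message strings are constructed, and PHP's password_hash()/password_verify() are assumed in place of WordPress's own password hashing; the dummy-hash step goes beyond the ticket by also equalizing the hashing work done for unknown usernames.

```php
<?php
// Added example, not WordPress code. Constructed user store: username => hash.
// Assumption: PHP's password_hash()/password_verify() stand in for the
// application's own password hashing.
$users = ['admin' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Behaviour the ticket describes: the message differs by failure cause,
// so a wrong-password reply confirms that the username exists.
function login_leaky(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'invalid username';   // illustrative wording
    }
    if (!password_verify($pass, $users[$user])) {
        return 'invalid password';   // illustrative wording
    }
    return 'ok';
}

// Combined message, as the ticket proposes. Going one step further, an
// unknown username is checked against a dummy hash so that both failure
// paths also do the same amount of hashing work.
function login_uniform(array $users, string $user, string $pass): string
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    $known = isset($users[$user]);
    $valid = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $valid) ? 'ok' : 'invalid username or password';
}

// Constructed attempts: unknown user, known user with wrong password, valid login.
$attempts = [['nobody', 'x'], ['admin', 'x'], ['admin', 'correct horse']];
foreach ($attempts as [$user, $pass]) {
    printf("%-8s leaky: %-18s uniform: %s\n", $user,
        login_leaky($users, $user, $pass), login_uniform($users, $user, $pass));
}
```

With the uniform version the first two attempts return the same string, so the reply no longer distinguishes an unknown username from a wrong password.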