[wp-trac] [WordPress Trac] #45318: Security problem: Login Oracle
    WordPress Trac 
    noreply at wordpress.org
       
    Sun Nov 11 20:47:41 UTC 2018
    
    
  
#45318: Security problem: Login Oracle
------------------------------------+------------------------
 Reporter:  d0rkpress               |       Owner:  (none)
     Type:  defect (bug)            |      Status:  closed
 Priority:  normal                  |   Milestone:
Component:  Login and Registration  |     Version:
 Severity:  normal                  |  Resolution:  duplicate
 Keywords:                          |     Focuses:
------------------------------------+------------------------
Comment (by d0rkpress):
 > Starting to look at usernames as secrets will lead to users,
 There's more than a subtle difference between treating user names as
 secret or potentially telling every IP address in the internet by a faulty
 design to hand out the user name.
 And: THIS TICKET IS FIRST ABOUT REMOVING THE ERROR MESSAGE during login.
 > For 15 years with WordPress I have thaught users to select a simple
 username [..] When logging in, some use a wrong username, but the correct
 password. I have thaught them to look at the error message to find which
 is wrong.
 Then I guess you have done something wrong during the past 15 years. And
 you haven't bothered looking at the links I sent nor reading my arguments.
 It seems the security mindset of some responding have stopped either in
 the early twothousands or I am writing in Chinese. So please excuse me if
 I spending my time on something which makes more sense to me.
 Unfortunately is seems I cannot delete my account and unfortunately your
 IP is in a country which doesn't require this (GDPR does).
-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45318#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
    
    
More information about the wp-trac
mailing list