Описание
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.8.3-2ubuntu1 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | ignored | end of life |
| karmic | not-affected | 2.8.3-2ubuntu1 |
| lucid | not-affected | 2.8.3-2ubuntu1 |
| maverick | not-affected | 2.8.3-2ubuntu1 |
| natty | not-affected | 2.8.3-2ubuntu1 |
| oneiric | not-affected | 2.8.3-2ubuntu1 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
EPSS
5 Medium
CVSS2