Full Disclosure mailing list archives

WordPress User Account Information Leak / Secunia Advisory SA23621

From: Sven Kieske <svenkieske () gmail com>
Date: Thu, 04 Jul 2013 11:56:34 +0200

Hi,

the mentioned User account Enumeration Weakness
stated in Advisory https://secunia.com/advisories/23621/
still exists in the actual version 3.5.2 .

The corresponding trac entry for wordpress is closed as
"wontfix":
https://core.trac.wordpress.org/ticket/1129

Why?

Maybe, because the trac bug mentions just version 1.5 as affected?

I can easily reproduce this in version 3.5.2 .

Please fix this, this bug is 8 years old!

Kind Regards

Sven Kieske

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WordPress User Account Information Leak / Secunia Advisory SA23621 Sven Kieske (Jul 04)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 "><script>alert(1)</script> (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Tavis Ormandy (Jul 06)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Ivan Carlos (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)