Full Disclosure mailing list archives

Re: WordPress User Account Information Leak / Secunia Advisory SA23621

From: Ivan Carlos <icarlos () icarlos net>
Date: Thu, 4 Jul 2013 10:22:26 -0300

Can't you open a new bt about this issue?

Regards,
Em 04/07/2013 10:16, "Sven Kieske" <svenkieske () gmail com> escreveu:

Hi,

the mentioned User account Enumeration Weakness
stated in Advisory https://secunia.com/advisories/23621/
still exists in the actual version 3.5.2 .

The corresponding trac entry for wordpress is closed as
"wontfix":
https://core.trac.wordpress.org/ticket/1129

Why?

Maybe, because the trac bug mentions just version 1.5 as affected?

I can easily reproduce this in version 3.5.2 .

Please fix this, this bug is 8 years old!

Kind Regards

Sven Kieske

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WordPress User Account Information Leak / Secunia Advisory SA23621 Sven Kieske (Jul 04)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 "><script>alert(1)</script> (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Tavis Ormandy (Jul 06)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Ivan Carlos (Jul 04)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Harry Metcalfe (Jul 05)