wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-01-08 16:28
Updated : 2018-10-16 09:31
NVD link : CVE-2007-0109
Mitre link : CVE-2007-0109
JSON object : View
CWE
Products Affected
wordpress
- wordpress