QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2335

Published: Jul 10, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2009-8538

vendor-advisory

x_refsource_FEDORA

http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

x_refsource_MISC

FEDORA-2009-7729

vendor-advisory

x_refsource_FEDORA

20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

FEDORA-2009-7701

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_VUPEN

FEDORA-2009-8529

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_OSVDB

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.