PT-2009-4767 · Automattic · Wordpress Mu+1
Fernando Arnaboldi
+1
·
Publicado
2009-07-10
·
Atualizado
2018-11-08
·
CVE-2009-2336
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress versions prior to 2.8.1
WordPress MU versions prior to 2.8.1
Description
The forgotten mail interface in WordPress and WordPress MU exhibits different behavior for a password request depending on whether the user account exists. This allows remote attackers to enumerate valid usernames.
Recommendations
For WordPress versions prior to 2.8.1, update to version 2.8.1 or later.
For WordPress MU versions prior to 2.8.1, update to version 2.8.1 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wordpress
Wordpress Mu