CVE-2009-2335

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-07-10 21:00

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2335

Mitre link : CVE-2009-2335

CVE.ORG link : CVE-2009-2335


JSON object : View

Products Affected

wordpress

  • wordpress
  • wordpress_mu
CWE
CWE-16

Configuration