Username Enumeration Vulnerability in WordPress by Automattic

CVE-2009-2336

Summary

An issue in WordPress and WordPress MU versions prior to 2.8.1 allows remote attackers to assess the existence of user accounts through inconsistent password request responses. This discrepancy means attackers can probe the system to discover valid usernames, potentially facilitating unauthorized access attempts. The vendor has downplayed the issue as a user convenience feature, but it presents a significant risk for user account integrity.

References