CVE-2009-2336

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress; WordPress Mu
Vendor: CVE Published:; 10 July 2009

Summary

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://corelabs.coresecurity.com/index.php?action=view&ty...

x_refsource_MISC

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Jul 10, 2009
Vulnerability Reserved
Jul 5, 2009