ID | CVE-2009-2336 | ||||||
Sažetak | The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | AV:N/AC:L/Au:N/C:P/I:N/A:N | ||||||
Zadnje važnije ažuriranje | 08-11-2018 - 20:39 | ||||||
Objavljeno | 10-07-2009 - 21:00 |