SecurityTracker.com

Category:  Application (Forum/Board/Portal) > WordPress
Vendors:  wordpress.org
WordPress Flaw Lets Remote Users Determine Valid Usernames and Other Bugs Have Unspecified Impact
SecurityTracker Alert ID:  1025571
SecurityTracker URL:  http://securitytracker.com/id/1025571
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  May 26 2011
Impact:   Disclosure of system information, Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 3.1.3
Description:   A vulnerability was reported in WordPress. A remote user can determine valid non-author usernames.

A remote user can supply a specially crafted request that causes the system to disclose, by redirection, the User Name associated with the specified User ID.

Veronica Valeros reported this vulnerability.

Also, certain parameters are not properly sanitized, leading to unspecified impact.

Impact:   A remote user can determine valid User Names and User IDs.

The impact of other vulnerabilities was not disclosed.

Solution:   The vendor has issued a fix (3.1.3).

The redirection User Name flaw has been corrected, but the User Name values can still be determined by examination of the page source.

The vendor's advisory is available at:

http://wordpress.org/news/2011/05/wordpress-3-1-3/

Vendor URL:  wordpress.org/news/2011/05/wordpress-3-1-3/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC