Full Disclosure: Re: WordPress User Account Information Leak / Secunia Advisory SA23621

Re: WordPress User Account Information Leak / Secunia Advisory SA23621

From: Maksymilian <max () cert cx>
Date: Fri, 5 Jul 2013 14:46:41 +0200

2013/7/5 adam <adam () papsy net>


Why wouldn't they simply offer it as a feature in future versions, even if
they left it disabled? It's clearly doing harm by not being an option, and
would do what exactly for it to be an option? Waste 3 minutes of a
developer's time?



CWE-204 for WordPress and Drupal?

http://cwe.mitre.org/data/definitions/204.html

CVE request?

Similar vulnerabilities with CVE
http://cxsecurity.com/cveshow/CVE-2005-1650
http://cxsecurity.com/cveshow/CVE-2004-0294

Maksymilian A
http://cxsecurity.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Maksymilian (Jul 05)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 05)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 adam (Jul 05)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 05)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Alex (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Ryan Dewhurst (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Maksymilian (Jul 05)