Re: [Full-disclosure] Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Veronica, Also you can "enumerate" wordpress users using the wp-login.php. When you enter a non-existent user wordpress returns "Invalid username" and when you enter a valid user with any random/dummie password, wordpress returns "Invalid Password"
[Full-disclosure] Talsoft S.R.L. Security Advisory - WordPress User IDs and User Names Disclosure
--- Talsoft S.R.L. Security Advisory WordPress User IDs and User Names Disclosure --- I. Advisory information Title: WordPress User IDs and User Names Disclosure