ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 2.0.5 - Dictionnary & Bruteforce attack

Product
WordPress
Description
In WordPress 2.0.5 and previous versions, there's a different error message if a user exists or not, which allows attackers to obtain sensitive information.
Solution
Update the WordPress to the latest available version (at least 2.0.6).
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2007-0109
Versions
Affected In <= 2.0.5
Fixed In 2.0.6
Disclosure date
2007-01-08
Submitter
ThreatPress