[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621

To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, adam <adam@xxxxxxxxx>
Subject: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
From: Maksymilian <max@xxxxxxx>
Date: Fri, 5 Jul 2013 14:46:41 +0200

2013/7/5 adam <adam@xxxxxxxxx>

>
> Why wouldn't they simply offer it as a feature in future versions, even if
> they left it disabled? It's clearly doing harm by not being an option, and
> would do what exactly for it to be an option? Waste 3 minutes of a
> developer's time?
>


CWE-204 for WordPress and Drupal?

http://cwe.mitre.org/data/definitions/204.html

CVE request?

Similar vulnerabilities with CVE
http://cxsecurity.com/cveshow/CVE-2005-1650
http://cxsecurity.com/cveshow/CVE-2004-0294

Maksymilian A
http://cxsecurity.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: Maksymilian
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: Dan Ballance
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: adam

Prev by Date: Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection
Next by Date: [Full-disclosure] XSS and FPD vulnerabilities in Search 'N Save for WordPress
Previous by thread: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Next by thread: [Full-disclosure] XSS and FPD vulnerabilities in Search 'N Save for WordPress
Index(es):
- Date
- Thread