That email looked pretty impressive though, huh? Gotta admit that :-) I kinda agree with you though, Andrew. Probably 80% of the WordPress installs out there still have "admin" as the superuser name, so it's not like it's a big secret or anything.
Cameron. On May 27, 2011, at 12:17 AM, Andrew Nacin wrote: > On Thu, May 26, 2011 at 9:59 AM, Veronica <[email protected]> wrote: > >> ----------------------------------------------------------------------- >> Talsoft S.R.L. Security Advisory >> WordPress User IDs and User Names Disclosure >> ----------------------------------------------------------------------- >> >> I. Advisory information >> Title: WordPress User IDs and User Names Disclosure >> Advisory Id: TALSOFT-2011-0526 >> Advisory URL: >> http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure >> Date published: 2011-05-26 > > > > <snip> >> >> - WordPress team agreed to release the security advisory. > > > Worth sharing here that the WordPress core team is under the opinion that > username disclosure is not and has never been a security vulnerability. > There will be no further work in this area. > > Nacin > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
