CVE-2007-0109 Information

Description

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Reference

http://osvdb.org/31577 http://secunia.com/advisories/23621 http://secunia.com/advisories/23741 http://security.gentoo.org/glsa/glsa-200701-10.xml http://securityreason.com/securityalert/2113 http://www.securityfocus.com/archive/1/455927/100/0/threaded http://www.vupen.com/english/advisories/2007/0062 https://exchange.xforce.ibmcloud.com/vulnerabilities/31262