Generic login failure message
|Reported by:||scohoust||Owned by:||ryan|
I'm happy to be told that this is not important but something I felt like mentioning. Take a common web application and get your password wrong - very often you'll be told the username/password combination is wrong (and not specifically your password).
WordPress doesn't do this, instead it will tell simply tell you that the password is wrong. Helpful perhaps to the user but also a bit of a security issue?
Patch changes the message to not differentiate between a correct or incorrect username.
Change History (13)
- Keywords 2nd-opinion added
- Resolution wontfix deleted
- Severity changed from minor to major
- Status changed from closed to reopened
- Keywords close added
- Resolution set to wontfix
- Severity changed from major to normal
- Status changed from reopened to closed