id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
3708	"wp_login is too ""friendly"" -- Information disclosure"	charleshooper	anonymous	"While it's not exactly the end of the world, if you attempt to login with an invalid username the error message returned is actually ""Invalid username."" Obviously it works as intended; However, I consider this information disclosure and feel that invalid usernames and passwords should both return the same error message."	defect (bug)	closed	low		Security	2.2	trivial	wontfix	security login has-patch