id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
4290	Username information leak on wp-login.php	jimp79	anonymous	"The wp-login.php leaks valid usernames due to the fact that it gives different error messages if the entered user exists or not.

If the username exists the error message is: ERROR: Incorrect password.
If the username does not exist then the error message is: ERROR: Invalid username.

This vulnerability could be leveraged by an attacker to assist in performing a brute force or dictionary attack against th login form."	defect (bug)	closed	normal		Administration		major	wontfix	security