id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5301	"WordPress can ""leak"" if a username is valid"	Viper007Bond	anonymous	"When you enter a valid username but an invalid password, WordPress lets you know the username is valid by complaining that only the password is invalid.

Attached patch combines the two error messages so that if either the username or the password is wrong, it says the same error message which gives less away.

Makes it harder for a hacker to gain access to a blog."	defect (bug)	closed	normal		Administration	2.3.1	normal	wontfix	has-patch, security