WordPress.org

Make WordPress Core

Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#23078 closed defect (bug) (invalid)

report on vulneribility in wordpress main site

Reported by: coolwashere Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: WordPress.org site Keywords:
Focuses: Cc:

Description

It asks for login in this link https://core.trac.wordpress.org/login
when we press cancel there wil be a page with 401 authorization required error followed by version Apache Server at core.trac.wordpress.org Port 443 .

Attacker can use these details to exploit the site so try to fix it up .

-Thank you


Change History (2)

comment:1 nacin19 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Again, when you created this ticket:

Do not report potential security vulnerabilities here. Read the Security FAQ and email us at security@….

That said, this is standard HTTP Authorization. Nothing vulnerable about it.

comment:2 SergeyBiryukov19 months ago

  • Component changed from General to WordPress.org site
  • Keywords needs-patch removed
  • Severity changed from critical to normal
  • Version trunk deleted
Note: See TracTickets for help on using tickets.