wp_login is too "friendly" -- Information disclosure
| Reported by: | charleshooper | Owned by: | |
| Component: | Security | Keywords: | security login has-patch |
While it's not exactly the end of the world, if you attempt to log in with an invalid username the error message returned is actually "Invalid username." Obviously it works as intended; however, I consider this information disclosure and feel that invalid usernames and passwords should both return the same error message.
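
The behaviour the ticket describes, next to a uniform-response variant, as an added stand-alone sketch; it is not WordPress code and not the patch attached to this ticket. The function names, the in-memory user store and every message other than "Invalid username." are assumptions, and the sketch goes one step beyond the ticket by also running a hash check for unknown usernames so the response time does not give the same answer the message used to.

```php
<?php
// Constructed sample user store (not WordPress data): username => password hash.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Behaviour described in the ticket: the message reveals which field was wrong.
// The password-case message text is constructed for this example.
function login_verbose(array $users, string $user, string $pass): string
{
    if (!isset($users[$user])) {
        return 'Invalid username.';
    }
    if (!password_verify($pass, $users[$user])) {
        return 'Incorrect password.';
    }
    return 'OK';
}

// Uniform variant: one message for both failures. A hash comparison is always
// performed, so an unknown username costs about the same as a wrong password.
function login_uniform(array $users, string $user, string $pass): string
{
    static $dummy = null;
    if ($dummy === null) {
        // Throwaway hash used only to spend comparable time on unknown users.
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    // $known is checked again so a match against the dummy hash never logs in.
    return ($known && $ok) ? 'OK' : 'Invalid username or password.';
}

// Constructed attempts: wrong password, unknown user, valid login.
$attempts = [['alice', 'wrong'], ['nosuchuser', 'wrong'], ['alice', 'correct horse']];
foreach ($attempts as [$u, $p]) {
    printf(
        "%-11s verbose: %-20s uniform: %s\n",
        $u,
        login_verbose($users, $u, $p),
        login_uniform($users, $u, $p)
    );
}
```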