Red Hat Bugzilla – Bug 1291356
wordpress: Information exposure on whether the username is registered in the system
Last modified: 2016-02-04 11:20:03 EST
It was found that Wordpress up to v4.4 discloses whether a username is registered inside the system at /wp_login.php, allowing attackers the opportunity to do brute-force password cracking attacks.
Created wordpress tracking bugs for this issue:
Affects: fedora-all [bug 1291357]
Affects: epel-all [bug 1291358]