5

CVE-2009-2336

Exploit

WordPress Core & WordPress MU < 2.8.1 - Username Enumeration

The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.  NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
Mögliche Gegenmaßnahme
WordPress: Update to version 2.8.1, or a newer patched version
WordPress MU: Update to version 2.8.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version * - 2.8
SystemWordPress Core
Produkt WordPress MU
Version * - 2.8
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version < 2.8.1
WordpressWordpress Mu Version < 2.8.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.842
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
http://securitytracker.com/id?1022528
Patch
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/9110
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35581
Third Party Advisory
VDB Entry
http://www.osvdb.org/55714
Patch
Broken Link