CVE Vulnerabilities

CVE-2007-0109

Published: Jan 09, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 2.0 2.0
Wordpress Wordpress 2.0.2 2.0.2
Wordpress Wordpress 2.0.1 2.0.1
Wordpress Wordpress 2.0.4 2.0.4
Wordpress Wordpress 2.0.5 2.0.5
Wordpress Wordpress 2.0.3 2.0.3

References