Description
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP PHP widget Information Disclosure (1.0.2)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.14)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.23)
WordPress Plugin BeCustom Cross-Site Request Forgery (1.0.5.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)