Description
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin SnapApp Multiple Cross-Site Scripting Vulnerabilities (1.5)
WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5)
Moodle Incorrect Authorization Vulnerability (CVE-2024-48901)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)