Description
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-1486 Vulnerability (CVE-2013-1486)
WordPress Plugin Easy Redirect Manager Cross-Site Scripting (2.18.18)
Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0696)
WordPress Plugin ULTIMATE TABLES SQL Injection (1.5)
Oracle Application Server Other Vulnerability (CVE-2007-2130)