CVE-2007-0109

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Date published : 2007-01-08

http://www.securityfocus.com/archive/1/455927/100/0/threaded

http://security.gentoo.org/glsa/glsa-200701-10.xml