Launchpad.net

CVE 2009-2335

WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."

Related bugs and status

CVE-2009-2335 (Candidate) is related to these bugs:

Bug #227547: ubuntu wordpress should suppress the "please update" warning

		In	Importance	Status
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu)	Wishlist	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Debian)	Undecided	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu Intrepid)	Undecided	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 35581
OSVDB: 55713
SECTRACK: 1022528
VUPEN: ADV-2009-1833
FEDORA: FEDORA-2009-7701
FEDORA: FEDORA-2009-7729
FEDORA: FEDORA-2009-8529
FEDORA: FEDORA-2009-8538
MISC: http://corelabs.corese...
EXPLOIT-DB: 9110
BUGTRAQ: 20090708 CORE-2009-015...