331 – User Enumeration - Wordpress
Description
As a result of an inadequate configuration practice, valid users may be listed in the application.
Impact
Find valid users within the application.
Recommendation
Implement generic error messages that do not allow an attacker to discern the users existence on the system through HTTP errors (500 or 404).
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: L
- Attack Requirements: N
- Privileges required: N
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: X