Vulnerability – Information Disclosure

First off I want to wish a happy new year to all of our visitors to our blog, as well as clients and friends of the Parameter Security family.

Over the New Year holiday our hackers discovered an information disclosure vulnerability on that will disclose a users username.  In order to gain the username you will need to have knowledge of the user’s email address.


At the login enter the known email address.  Enter something into the password (password cannot be blank.)



The login error will disclose the username connected to the email address.



Risk – Low

Use – The information disclosure could be used during footprinting to determine victim’s username on

Note –  The disclosure only happens on This vulnerability does not affect the open-source wordpress software.

The vulnerability was disclosed to WordPress on 1/2/2013