
User Enumeration - WordPress

Description

Because of an inadequate configuration practice, the application allows valid users to be listed.

Impact

Find valid users within the application.

Recommendation

Implement generic error messages that do not allow an attacker to discern a user's existence on the system through HTTP errors (500 or 404).

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: N
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 5.3
    • Temporal: 5.3
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The application uses correct controls to avoid user enumeration.

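# .htaccess configuration to stop WordPress username enumeration
RewriteEngine On
# Apply only to requests for the site root ...
RewriteCond %{REQUEST_URI} ^/$
# ... whose query string starts with author=<digits>
RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
# Redirect to the root of the placeholder host; the trailing "?" drops the query string
RewriteRule ^(.*)$ https://myexamplepage.com/? [L,R=301]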

Non compliant code

The HTTP responses include sensitive information such as user IDs, or return different status codes when the user does not exist.

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Oct 2019 23:12:26 GMT
Location: myexamplepage/userID/
Server: nginx/1.10.3 (Ubuntu)
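
A way to confirm the remediation took effect, shown as an added example that is not part of the original page: the function below audits captured responses to /?author=<id> for the two signals described above, a Location header that carries per-user data and status codes that differ between ids. The captures, the usernames and the myexamplepage.com host are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed captures of the responses to /?author=<id>, keyed by the id
# requested. Ids 1 and 2 are assumed to exist, 9999 is assumed not to.
BEFORE = {
    1: (301, {"Location": "https://myexamplepage.com/author/jdoe/"}),
    2: (301, {"Location": "https://myexamplepage.com/author/asmith/"}),
    9999: (404, {}),
}
# Same requests after the rewrite rule is in place: one generic redirect.
AFTER = {
    1: (301, {"Location": "https://myexamplepage.com/"}),
    2: (301, {"Location": "https://myexamplepage.com/"}),
    9999: (301, {"Location": "https://myexamplepage.com/"}),
}


def audit(captures):
    """Return findings showing that the responses distinguish valid ids."""
    findings = []
    statuses = set()
    for uid, (status, headers) in sorted(captures.items()):
        statuses.add(status)
        # Header names are case-insensitive, so normalise before lookup.
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if location is None:
            continue
        target = urlsplit(location)
        # A redirect to anything other than the bare site root carries
        # per-user data (the page's example is myexamplepage/userID/).
        if target.path.strip("/") or target.query:
            findings.append(f"id {uid}: Location discloses {location!r}")
    # Different status codes for existing and missing ids are a signal too.
    if len(statuses) > 1:
        findings.append(f"status codes differ across ids: {sorted(statuses)}")
    return findings


if __name__ == "__main__":
    for name, captures in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(captures) or "no enumeration signal")
```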

Requirements