Errors displayed on login and reset password forms should not disclose the existence of user names and emails #133
When a login attempt fails WordPress will gladly tell you that the user name/email is fine and your problem is with the password. Ignoring the fact that the way the code is written cannot guarantee that the mistake is with the password and not the user name, the major problem is that an attacker can easily exploit this kind of error to learn which user names are used on the site, and even whether some actual people have a user on the site.
Same problem exists with the reset password form.
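
One way to close the login-form half of the disclosure described above, as an added example that is not part of the issue or the project's code. It assumes stock WordPress's `authenticate` filter and the core error codes `invalid_username`, `invalid_email` and `incorrect_password`; the function name, the `login_failed` code and the message text are made up for illustration.

```php
<?php
/**
 * Plugin Name: Uniform login errors (added example, hypothetical plugin)
 */

// Core error codes that reveal which half of the credential pair was wrong.
const UNIFORM_LOGIN_CODES = array(
	'invalid_username',   // no account with that user name
	'invalid_email',      // no account with that email address
	'incorrect_password', // account exists, password is wrong
);

/**
 * Replace every account-revealing login error with one generic error.
 *
 * Hooked at priority 100 so it runs after core's own user name and email
 * password checks, which are registered on the same filter at priority 20.
 *
 * @param WP_User|WP_Error|null $user     Result of the earlier callbacks.
 * @param string                $username Submitted user name or email.
 * @param string                $password Submitted password.
 * @return WP_User|WP_Error|null
 */
function uniform_login_error( $user, $username, $password ) {
	if ( ! is_wp_error( $user ) ) {
		return $user; // Successful login, or nothing decided yet.
	}

	foreach ( $user->get_error_codes() as $code ) {
		if ( in_array( $code, UNIFORM_LOGIN_CODES, true ) ) {
			// Same code and same text whether the account exists or not.
			return new WP_Error(
				'login_failed', // hypothetical code, not a core one
				__( 'The user name or password is incorrect.' )
			);
		}
	}

	// Other errors (for example empty fields) say nothing about accounts.
	return $user;
}
add_filter( 'authenticate', 'uniform_login_error', 100, 3 );
```

This filter only covers the login path; the reset password form needs the same treatment, with one response shown whether or not the submitted user name or email matches an account.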