WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] can login without password (5 posts)

  1. willem67
    Member
    Posted 2 years ago #

    I discovered that I can login to my site with any password as long I use the correct username. I don't know how long this has been going on.

    I did reset my password several times without result. I also emptied cache; removed password from my browser; my operating system, etc. But I can still login with any password.

    This is very worrying.

    Willem

  2. Try a different browser.

    Also what plugins are you running? I can't repro this on a clean install.

  3. willem67
    Member
    Posted 2 years ago #

    I just solved it by looking into my plugins. When I deactivated 'Absolutely Privacy' the problem is over.

    Bizarrely, I have had that plugin for a long time.

    Conclusion: The security leak seems to be in 'Absolutely Privacy'

    What is the official method to report such a leak?

  4. Usually by doing what you did: http://wordpress.org/tags/absolute-privacy?forum_id=10 lists other people having the same problem.

    You can also email plugins[at]wordpress.org to report it.

  5. Eric Mann
    Member
    Posted 2 years ago #

    The plugin has been patched as of version 2.0.6 to fix this vulnerability.

Topic Closed

This topic has been closed to new replies.

About this Topic