I’ve found two cases where the stealth parameters could be leaked to the public.
The first leak happens when the “Meta” widget is enabled. The “Log in” link under Meta reveals the stealth login page. I don’t think this is the intended behavior.
The second leak happens when an attacker visits
/wp-login.php?action=register. If registration is disabled, the attacker will be redirected to the url
/wp-login.php?stealth_q=stealth_a?registration=disabledwith code 403. Malformed as it is, it puts the stealth question (
stealth_q) and answer (
stealth_a) in the open.
- The topic ‘Leaked stealth parameters’ is closed to new replies.