Support » Plugin: Stop User Enumeration » Possible Enumeration Problem with latest version

  • Resolved PthPndr

    (@pthpndr)


    In the latest version (1.3.10) I noticed redirection when using:
    http://mysite.com/?author=X

    If users didn’t exist or had no posts I saw the forbidden notice, however on other users it redirected them to their user author URL.

    I downgraded to 1.3.9 and everything appeared to work again as it should.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Fullworks

    (@fullworks)

    Strange, as that bit of logic didn’t cahnge betweem 1.39 & 1.3.10

    When you say author=x you do mean x is a number? As that is what enumeration detects.

    A common mistake is to ‘test’ whist still logged in. The plugin does not stop logged in users from enumerating, as it is assumed that logged in users are valid.

    Perhaps reload 1.3.10 and make sure you have logged out before testing. And let me know?

    I have also added the issue about testing while logged in to the FAQ as this isn’t the first time this has been noted.

    • This reply was modified 3 years, 9 months ago by Fullworks.
    Plugin Author Fullworks

    (@fullworks)

    Hi, as you haven’t come back to me I guess you are sorted.

    Please let me know if you still have an issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible Enumeration Problem with latest version’ is closed to new replies.