Support » Plugin: Stop User Enumeration » Works on most sites, but not on all sites

  • Resolved Alain Lankers

    (@alain-lankers)


    I have installed this plugin on different websites. On most of them this plugin works. I did a scan and no users are enumerated. Thats perfect, because without this plugin the website users are enumerated in the scan.

    But on some sites users are still enumerated when I scan the site. They are detected because of RSS Generator or Author Sitemap, although the plugin is activated.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Fullworks

    (@fullworks)

    Can you give more specifics regarding ” RSS Generator or Author Sitemap” ?

    Alain Lankers

    (@alain-lankers)

    The usernames where generated by the scan through the RSS generator and also user was generated by author sitemap XML. Both are the sources of which the scan found the user names.

    Plugin Author Fullworks

    (@fullworks)

    The plugin doesn’t attempt to protect agains RSS or sitemap leakage, if you provide me a URL I will see if it is something that can be protected against.

    Alain Lankers

    (@alain-lankers)

    On some sites it did work very well, no users enumerated. Hereby one URL which still has users enumerated from RSS and sitemap: http://bit.ly/2JHSIzw

    Plugin Author Fullworks

    (@fullworks)

    It would seen that RSS and site map display ‘display name’ not ‘login name’. Obviously if they are the same that is an issue for you, can you advise?

    Alain Lankers

    (@alain-lankers)

    Yes they are display name not login name, here was the confusing.

    Plugin Author Fullworks

    (@fullworks)

    Thanks for confirming.

    Alain Lankers

    (@alain-lankers)

    Thanks for your time!

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.