cleantalk
Vulnerabilities and Security Research

Solid Security – Password, Two Factor Authentication, and Brute Force Protection, 644b563ee3339b1ba6d9dd93f3d8da484fca06b6

Published on Sep 27, 2016
Research Description
Kadence Security – Password, Two Factor Authentication, and Brute Force Protection [better-wp-security] < 5.6.2 / iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response

The iThemes Security plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 5.6.1 because login attempts with invalid username/password combinations return different HTTP headers in the response. This makes it possible for attackers to observe the differences between responses and determine which usernames are valid on the site (username enumeration).
Affected versions: max 5.6.2

Status: vulnerable