google-authenticator
user enumeration vulnerability
This is coming from our system teams: I discovered that the login users can be easily guessed, which is a security concern.

In order to replicate the issue, do the following:

1. Visit https://www.wordpressinstall.com/wp-login.php
2. Type any existing username, for example: nicola

The login will redirect to a Google Authenticator.

This is considered a user enumeration vulnerability that should be fixed in the near future. Basically, you can guess user names by seeing if you are or are not redirected to the authenticator page.
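The behaviour reported above, modelled next to a login flow whose responses do not depend on whether the account exists. This is an added example, not code from the plugin or from WordPress; the function names, the `/otp` path, the sample password and OTP value are all hypothetical, and the flow is assumed to be a username step followed by a combined check.

```python
import hashlib
import hmac
import secrets

def _kdf(password: str) -> bytes:
    # Constructed fixed salt for the demo; real stores use a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

# Constructed sample account: username -> (password hash, currently valid OTP).
USERS = {"nicola": (_kdf("correct horse"), "123456")}
# Throwaway credentials checked for unknown usernames, so both paths do the same work.
DUMMY = (_kdf(secrets.token_hex(16)), secrets.token_hex(3))
GENERIC_FAILURE = "error: login failed"

def vulnerable_step1(username: str) -> str:
    """Reported behaviour: only existing usernames reach the authenticator page."""
    return "redirect: /otp" if username in USERS else GENERIC_FAILURE

def hardened_step1(username: str) -> str:
    """Every username gets the same next step, so step 1 reveals nothing."""
    return "redirect: /otp"

def hardened_finish(username: str, password: str, otp: str) -> str:
    """Verify all factors together and return one generic outcome."""
    known = username in USERS
    pw_hash, code = USERS.get(username, DUMMY)
    pw_ok = hmac.compare_digest(_kdf(password), pw_hash)
    otp_ok = hmac.compare_digest(otp.encode(), code.encode())
    return "ok" if (known and pw_ok and otp_ok) else GENERIC_FAILURE
```

The same rule applies to every other observable of the login response: status code, redirect target, error text and cookies should match for known and unknown usernames.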