Make WordPress Core

Opened 5 years ago

Closed 3 years ago

#38829 closed defect (bug) (worksforme)

Message error posting the username and database name of the WP installation

Reported by: mailcatala Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Database Keywords:
Focuses: Cc:


Under severe load, MySQL is not responsive and WordPress shows a message "Can’t select database” showing the username and database name from the wp-config file.

This vulnerability could be leveraged by an attacker to assist in performing a brute force or dictionary attack against the database.

Change History (3)

#1 @pento
5 years ago

  • Keywords reporter-feedback added
  • Version 4.6.1 deleted

Thank you for the ticket, @mailcatala!

This error should only be displaying if WP_DEBUG is set to true in your wp-config.php - could you confirm that this is the case? If so, this is expected behaviour, WP_DEBUG should not be enabled in production.

#2 @mailcatala
5 years ago

Hello Gary,
I can confirm that it is set to false.
I believe that I can replicate the condition.
While today I'm on the road, we can schedule some time for you to verify in the coming days.
Alvaro Gilabert aka mailcatala

#3 @desrosj
3 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Hi @mailcatala,

Sorry that this fell by the wayside. I am unable to reproduce this issue today with the latest version of WordPress. I am going to close this out, but if you are still able to reproduce this issue, please re-open with more details.

Note: See TracTickets for help on using tickets.