Make WordPress Core

Opened 19 months ago

Last modified 19 months ago

#38829 new defect (bug)

Message error posting the username and database name of the WP installation

Reported by: mailcatala Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Database Keywords: reporter-feedback
Focuses: Cc:


Under severe load, MySQL is not responsive and WordPress shows a message "Can’t select database” showing the username and database name from the wp-config file.

This vulnerability could be leveraged by an attacker to assist in performing a brute force or dictionary attack against the database.

Change History (2)

#1 @pento
19 months ago

  • Keywords reporter-feedback added
  • Version 4.6.1 deleted

Thank you for the ticket, @mailcatala!

This error should only be displaying if WP_DEBUG is set to true in your wp-config.php - could you confirm that this is the case? If so, this is expected behaviour, WP_DEBUG should not be enabled in production.

#2 @mailcatala
19 months ago

@pento Hello Gary, I can confirm that it is set to false. I believe that I can replicate the condition. While today I'm on the road, we can schedule some time for you to verify in the coming days. Alvaro Gilabert aka mailcatala

Note: See TracTickets for help on using tickets.