CVE-2011-4898 in WordPressinfo

Summary

** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

12/23/2011

Disclosure

01/30/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-200

Exploit

Download

CVSS

5.3

EPSS

0.07060

CTI

None

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4898
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4898
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4898/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!