{"id":"UBUNTU-CVE-2011-4898","details":"** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective.","modified":"2012-01-30T17:55:00Z","published":"2012-01-30T17:55:00Z","withdrawn":"2025-06-23T15:52:32Z","references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2011-4898"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2011-4898"}],"affected":[{"package":{"name":"wordpress","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/wordpress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.3+dfsg-1","4.3.1+dfsg-1","4.4+dfsg-1","4.4.1+dfsg-1","4.4.2+dfsg-1","4.4.2+dfsg-1ubuntu1"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4898.json"}},{"package":{"name":"wordpress","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/wordpress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.8.2+dfsg-2","4.8.3+dfsg-1","4.9.1+dfsg-1","4.9.2+dfsg-1","4.9.4+dfsg-1","4.9.5+dfsg1-1"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4898.json"}},{"package":{"name":"wordpress","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/wordpress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.2.2+dfsg1-1","5.2.4+dfsg1-1","5.3.2+dfsg1-1","5.3.2+dfsg1-1ubuntu1"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4898.json"}},{"package":{"name":"wordpress","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/wordpress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.7.1+dfsg1-2ubuntu1","5.8.1+dfsg1-2ubuntu1","5.8.2+dfsg1-1ubuntu1","5.8.3+dfsg1-1ubuntu1","5.8.3+dfsg1-1ubuntu1.1"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4898.json"}},{"package":{"name":"wordpress","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/wordpress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.2+dfsg1-1ubuntu1","6.4.3+dfsg1-1ubuntu1"],"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4898.json"}}],"schema_version":"1.7.3"}