BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 16580
Logged by: kranthi bhavanam
Email address: kranthi.k.bhavanam@wellsfargo.com
PostgreSQL version: 10.10
Operating system: RHEL
Description:

PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
vulnerability detected by our internal scan tool 'qualys'.
Could you please help us understand and remediate the solution for this
vulnerability.

We have 4 environments in total and only 1 env has postgres and other 3 have
MySQL. Why do we see this vulnerability in all 4 environments, even in the
envs where postgres isn't there. Please advise.

#2 Stephen Frost
sfrost@snowman.net
In reply to: PG Bug reporting form (#1)
Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

Greetings,

* PG Bug reporting form (noreply@postgresql.org) wrote:

> PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
> vulnerability detected by our internal scan tool 'qualys'.
> Could you please help us understand and remediate the solution for this
> vulnerability.

Use SCRAM.

> We have 4 environments in total and only 1 env has postgres and other 3 have
> MySQL. Why do we see this vulnerability in all 4 environments, even in the
> envs where postgres isn't there. Please advise.

... no idea.

Thanks,

Stephen
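
One way to find where the "Use SCRAM" advice still needs applying, as an added example that is not part of the original thread: it classifies stored verifiers as they appear in `pg_authid.rolpassword` and flags `pg_hba.conf` rules that still permit `md5` or `password`. The function names, role names, verifier strings and `pg_hba.conf` lines are constructed for illustration.

```python
import re

MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(r"SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+")
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
           "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

def verifier_kind(rolpassword):
    """Classify a pg_authid.rolpassword value by its stored format."""
    if rolpassword is None:
        return "none"
    if SCRAM_RE.fullmatch(rolpassword):
        return "scram-sha-256"
    return "md5" if MD5_RE.fullmatch(rolpassword) else "unknown"

def hba_rules(text):
    """Return (line_no, conn_type, method) per rule. Quoted fields with spaces are not handled."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 4:
            continue
        i = 3 if f[0] == "local" else 4      # host* rules carry an address column
        if f[0] != "local" and i + 1 < len(f) and f[i] not in METHODS:
            i += 1                           # address and netmask in separate columns
        if i < len(f):
            rules.append((n, f[0], f[i]))
    return rules

def audit(roles, hba_text):
    """List roles with md5 verifiers and hba rules that still allow md5/password."""
    findings = []
    for name, pw in roles:
        if verifier_kind(pw) == "md5":
            findings.append(("role", name, "md5 verifier: set password_encryption = "
                             "'scram-sha-256', then reset this role's password"))
    for n, ctype, method in hba_rules(hba_text):
        if method in ("md5", "password"):
            findings.append(("hba", n, f"{ctype} rule uses '{method}': switch to "
                             "scram-sha-256 once every role has a SCRAM verifier"))
    return findings

# Constructed sample data (not taken from any real system)
SAMPLE_ROLES = [("app_rw", "md5" + "0123456789abcdef" * 2),
                ("report_ro", "SCRAM-SHA-256$4096:Y29uc3RydWN0ZWQ=$c3RvcmVkS2V5:c2VydmVyS2V5"),
                ("nologin_owner", None)]
SAMPLE_HBA = """# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 10.0.0.0/8 md5
host all all 192.168.1.0 255.255.255.0 scram-sha-256
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLES, SAMPLE_HBA):
        print(finding)
```

Changing `password_encryption` only affects passwords set afterwards, so each role flagged with an `md5` verifier needs its password reset before the `pg_hba.conf` rules are tightened.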