Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: kranthi(dot)k(dot)bhavanam(at)wellsfargo(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability
Date: 2020-08-12 20:54:21
Message-ID: 20200812205421.GY29590@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Greetings,

* PG Bug reporting form (noreply(at)postgresql(dot)org) wrote:
> PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
> vulnerability detected by our internal scan tool 'qualys'.
> Could you please help us understand and remediate the solution for this
> vulnerability.

Use SCRAM.

> We have 4 environments in total and only 1 env has postgres and other 3 have
> MySQL. Why do we see this vulnerability in all 4 environments, even in the
> env's where postgres isn't there. Please advise.

... no idea.

Thanks,

Stephen

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Amit Langote 2020-08-13 04:13:18 Re: posgres 12 bug (partitioned table)
Previous Message PG Bug reporting form 2020-08-12 20:41:57 BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability