Home > mailing lists

BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability - Mailing list pgsql-bugs

From	PG Bug reporting form
Subject	BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability
Date	August 12, 2020 23:41:57
Msg-id	16580-850b0f6abe4fa059@postgresql.org Whole thread Raw
Responses	Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability (Stephen Frost <sfrost@snowman.net>)
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      16580
Logged by:          kranthi bhavanam
Email address:      kranthi.k.bhavanam@wellsfargo.com
PostgreSQL version: 10.10
Operating system:   RHEL
Description:

PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
vulnerability detected by our internal scan tool 'qualys'. 
Could you please help us understand and remediate the solution for this
vulnerability. 

We have 4 environments in total and only 1 env has postgres and other 3 have
MySQL. Why do we see this vulnerability in all 4 environments, even in the
env's where postgres isn't there. Please advise.

pgsql-bugs by date:

From: Andres Freund
Date: 12 August 2020, 19:27:18
Subject: Re: posgres 12 bug (partitioned table)

From: Stephen Frost
Date: 12 August 2020, 23:54:21
Subject: Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability - Mailing list pgsql-bugs

Previous

Next