Home > mailing lists

Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability - Mailing list pgsql-bugs

From	Stephen Frost
Subject	Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability
Date	August 12, 2020 23:54:21
Msg-id	20200812205421.GY29590@tamriel.snowman.net Whole thread Raw
In response to	BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability (PG Bug reporting form <noreply@postgresql.org>)
List	pgsql-bugs

Tree view

Greetings,

* PG Bug reporting form (noreply@postgresql.org) wrote:
> PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
> vulnerability detected by our internal scan tool 'qualys'.
> Could you please help us understand and remediate the solution for this
> vulnerability.

Use SCRAM.

> We have 4 environments in total and only 1 env has postgres and other 3 have
> MySQL. Why do we see this vulnerability in all 4 environments, even in the
> env's where postgres isn't there. Please advise.

... no idea.

Thanks,

Stephen

Attachment

signature.asc

pgsql-bugs by date:

From: PG Bug reporting form
Date: 12 August 2020, 23:41:57
Subject: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

From: Amit Langote
Date: 13 August 2020, 07:13:18
Subject: Re: posgres 12 bug (partitioned table)

Re: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability - Mailing list pgsql-bugs

Attachment

Previous

Next