Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs - Mailing list pgsql-bugs

From David Rowley
Subject Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
Msg-id CAApHDvoCnaLeVO4zdCaYJFBfcuGXYz1W5L917p526nWEcs=gqg@mail.gmail.com
In response to BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs
List pgsql-bugs
On Tue, 18 Feb 2025 at 22:51, PG Bug reporting form
<noreply@postgresql.org> wrote:
> During the integration of PostgreSQL Database v15 logs into a SIEM
> solution, I observed that user passwords are logged in plaintext when a user
> is created using the database command. This poses a serious security risk as
> credentials could be exposed to unauthorized users who have access to the
> logs.

> Steps to Reproduce:

> CREATE USER indrajeet WITH PASSWORD 'indrajeet'

There's some relevant discussion about this in [1], in particular, see [2].

David

[1]
https://www.postgresql.org/message-id/flat/CALNJ-vRQB81F9Q9V%2BoDPsCTF-%2B0o_xR3%3D7_GAZfyg2sEaEfQJA%40mail.gmail.com#1f62ceb364243164a3d3a41530db055f
[2] https://www.postgresql.org/message-id/1250706.1658622457%40sss.pgh.pa.us
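For the SIEM integration described in the report, one option is to mask password literals in statement log lines before they are forwarded. The sketch below is an added example, not code from this thread or from the PostgreSQL project; the function names, the mask text and the sample log lines (with an assumed `%m [%p] ` style prefix) are constructed for illustration.

```python
import re

# Start of a role statement up to and including the PASSWORD keyword.
# Also covers "ENCRYPTED PASSWORD", since ENCRYPTED precedes the keyword.
HEAD = re.compile(r"\b(?:CREATE|ALTER)\s+(?:USER|ROLE)\b.*?\bPASSWORD\s+", re.I | re.S)
# Standard SQL string literal; a quote inside it is written as two quotes.
LITERAL = re.compile(r"'(?:[^']|'')*'")
MASK = "'<redacted>'"  # constructed placeholder text


def redact_line(line):
    """Return (safe_line, changed) for one log line without its newline."""
    head = HEAD.search(line)
    if not head:
        return line, False
    lit = LITERAL.match(line, head.end())
    if lit:
        # Keep what follows the literal, but scan it for further statements.
        tail = redact_line(line[lit.end():])[0]
    else:
        # Fail closed: dollar-quoted, E'' or truncated literal, drop the rest.
        tail = ""
    return line[:head.end()] + MASK + tail, True


def redact_stream(lines):
    """Redact every line; return (safe_lines, number_of_lines_changed)."""
    safe_lines, hits = [], 0
    for line in lines:
        safe, changed = redact_line(line)
        safe_lines.append(safe)
        hits += changed
    return safe_lines, hits


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    "2025-02-18 22:51:03.120 UTC [4821] LOG:  statement: CREATE USER indrajeet WITH PASSWORD 'indrajeet'",
    "2025-02-18 22:52:10.004 UTC [4821] LOG:  statement: alter role app with encrypted password 'it''s' valid until '2026-01-01'",
    "2025-02-18 22:53:44.871 UTC [4830] LOG:  statement: ALTER USER app PASSWORD $$s3cret$$",
    "2025-02-18 22:54:01.313 UTC [4830] LOG:  statement: SELECT 'PASSWORD' FROM t",
]

if __name__ == "__main__":
    cleaned, hits = redact_stream(SAMPLE)
    print("\n".join(cleaned))
    print("lines redacted:", hits)
```

The count of changed lines can feed an alert, since each hit means a password was sent to the server as a literal and may also exist in logs written before the filter was in place.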


