Thread: BUG #16580: PostgreSQL PassTheHash Protocol Design Weakness Detected - vulnerability

From: PG Bug reporting form
The following bug has been logged on the website:

Bug reference:      16580
Logged by:          kranthi bhavanam
Email address:      kranthi.k.bhavanam@wellsfargo.com
PostgreSQL version: 10.10
Operating system:   RHEL
Description:

PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
vulnerability detected by our internal scan tool 'qualys'. 
Could you please help us understand and remediate the solution for this
vulnerability. 

We have 4 environments in total and only 1 env has postgres and other 3 have
MySQL. Why do we see this vulnerability in all 4 environments, even in the
envs where postgres isn't there. Please advise.


Greetings,

* PG Bug reporting form (noreply@postgresql.org) wrote:
> PostgreSQL PassTheHash Protocol Design Weakness Detected - this is the
> vulnerability detected by our internal scan tool 'qualys'.
> Could you please help us understand and remediate the solution for this
> vulnerability.

Use SCRAM.

> We have 4 environments in total and only 1 env has postgres and other 3 have
> MySQL. Why do we see this vulnerability in all 4 environments, even in the
> envs where postgres isn't there. Please advise.

... no idea.

Thanks,

Stephen
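
An added example, not part of the thread or of PostgreSQL: a small audit for the "Use SCRAM" remediation that lists which `pg_hba.conf` records still permit `md5` or `password` and which roles still store an MD5 verifier. The sample file, role names and verifier values are constructed; the parser assumes unquoted fields and that `rolpassword` values are read from `pg_authid` by a superuser.

```python
import re

# Constructed sample inputs: a pg_hba.conf and rolname -> rolpassword pairs.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS      METHOD
local   all       all                peer
host    all       all   10.0.0.0/8   md5
host    app       app   10.1.0.0/16  scram-sha-256
host    legacy    all   192.0.2.0  255.255.255.0  password
"""
SAMPLE_ROLES = {
    "app": "SCRAM-SHA-256$4096:c2FsdA==$a2V5:a2V5",
    "report": "md5" + "0" * 32,
    "nologin": None,
}
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
           "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

def hba_methods(text):
    """Return (line_no, method) per record; assumes no quoted fields."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        # The method follows TYPE DATABASE USER and any address/mask fields.
        method = next((f for f in fields[3:] if f in METHODS), None)
        if method:
            found.append((no, method))
    return found

def verifier_kind(rolpassword):
    """Classify a stored verifier by its prefix."""
    if rolpassword is None:
        return "none"
    if re.fullmatch(r"md5[0-9a-f]{32}", rolpassword):
        return "md5"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram"
    return "unknown"

def audit(hba_text, roles):
    """List what must change before SCRAM is the only password path."""
    return {
        # Reset these after SET password_encryption = 'scram-sha-256'.
        "reset_password": sorted(r for r, v in roles.items()
                                 if verifier_kind(v) == "md5"),
        # Switch these records to scram-sha-256 once no md5 verifiers remain.
        "hba_lines": [(n, m) for n, m in hba_methods(hba_text)
                      if m in ("md5", "password")],
    }
```

A record with method `md5` still negotiates SCRAM for a role whose stored verifier is SCRAM, so the roles in `reset_password` are the ones to fix first; changing the record to `scram-sha-256` before that would lock those roles out.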
