Thread: The default database account can be accessed without a password

The default database account can be accessed without a password

From
MUKESH PRASAD
Date:
Hi Experts, 
I am getting a VA with CVE ID 1999-0508 where it says my default database is unpassworded. However, I checked all the DBs with the \l command and in none of the databases am I able to log in without a password.

It refers to the default postgres user and I have changed the password multiple times too, but it still complains.

Re: The default database account can be accessed without a password

From
Geoff Winkless
Date:
On Tue, 22 Sep 2020 at 14:33, MUKESH PRASAD
<mukeshprasad_hit@yahoo.co.in> wrote:
> I am getting a VA with CVE ID 1999-0508 where it says my default database is unpassworded. However, I checked all the DBs with the \l command and in none of the databases am I able to log in without a password.
>
> It refers to the default postgres user and I have changed the password multiple times too, but it still complains.

Do you have "trust" for any lines in pg_hba.conf?

Geoff



Re: The default database account can be accessed without a password

From
MUKESH PRASAD
Date:
Hi Geoff,
Yes, it is allowed for all the hosts in the same subnet.

host all all 10.10.10.0/24 trust

Regards,
Mukesh Prasad


On Tue, 22 Sep 2020 at 7:10 PM, Geoff Winkless <pgsqladmin@geoff.dj> wrote:
> On Tue, 22 Sep 2020 at 14:33, MUKESH PRASAD <mukeshprasad_hit@yahoo.co.in> wrote:
> > I am getting a VA with CVE ID 1999-0508 where it says my default database is unpassworded. However, I checked all the DBs with the \l command and in none of the databases am I able to log in without a password.
> >
> > It refers to the default postgres user and I have changed the password multiple times too, but it still complains.
>
> Do you have "trust" for any lines in pg_hba.conf?
>
> Geoff

Re: The default database account can be accessed without a password

From
Ganesh Korde
Date:
You need to change it to md5.

On Tue, 22 Sep 2020, 7:38 pm MUKESH PRASAD, <mukeshprasad_hit@yahoo.co.in> wrote:
> Hi Geoff,
> Yes, it is allowed for all the hosts in the same subnet.
>
> host all all 10.10.10.0/24 trust
>
> Regards,
> Mukesh Prasad
>
> On Tue, 22 Sep 2020 at 7:10 PM, Geoff Winkless
> > On Tue, 22 Sep 2020 at 14:33, MUKESH PRASAD <mukeshprasad_hit@yahoo.co.in> wrote:
> > > I am getting a VA with CVE ID 1999-0508 where it says my default database is unpassworded. However, I checked all the DBs with the \l command and in none of the databases am I able to log in without a password.
> > >
> > > It refers to the default postgres user and I have changed the password multiple times too, but it still complains.
> >
> > Do you have "trust" for any lines in pg_hba.conf?
> >
> > Geoff
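
Added example, not part of the original thread: a small Python audit that lists every pg_hba.conf rule using the "trust" method. A trust rule admits any matching client without checking a password, which is why changing the postgres password did not clear the finding. The sample file is constructed (only the 10.10.10.0/24 line comes from the thread), and the parser is simplified: it assumes no quoted fields and no include directives.

```python
import ipaddress

# Connection types that carry an address column in pg_hba.conf.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) per rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            yield lineno, "local", fields[1], fields[2], None, fields[3]
        elif fields[0] in HOST_TYPES and len(fields) >= 5:
            addr, idx = fields[3], 4
            # Older style: separate IP-address and IP-mask columns.
            if _is_ip(addr) and len(fields) >= 6 and _is_ip(fields[4]):
                addr, idx = f"{addr}/{fields[4]}", 5
            yield lineno, fields[0], fields[1], fields[2], addr, fields[idx]

def find_trust_rules(text):
    """Return the rules that admit a client with no credential check."""
    return [rule for rule in parse_hba(text) if rule[5] == "trust"]

# Constructed sample; only the 10.10.10.0/24 line is taken from the thread.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   md5
host    all       all   10.10.10.0/24  trust
host    all       all   192.168.5.0 255.255.255.0 trust  # old mask form
"""

if __name__ == "__main__":
    for lineno, typ, db, user, addr, method in find_trust_rules(SAMPLE):
        print(f"line {lineno}: {typ} {db} {user} {addr or '-'} -> {method}")
```

After changing a flagged rule to md5 as suggested in the thread, the server has to reload its configuration before the new method applies.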