PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
References
Link | Resource |
---|---|
http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php | Mailing List |
http://marc.info/?l=bugtraq&m=111402558115859&w=2 | Mailing List |
http://marc.info/?l=bugtraq&m=111403050902165&w=2 | Mailing List |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20215 | Broken Link VDB Entry |
Configurations
History
09 Feb 2024, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=111402558115859&w=2 - Mailing List | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/20215 - Broken Link, VDB Entry | |
References | (MLIST) http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php - Mailing List | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=111403050902165&w=2 - Mailing List | |
CWE | CWE-916 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
Information
Published : 2002-12-31 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-1657
Mitre link : CVE-2002-1657
CVE.ORG link : CVE-2002-1657
JSON object : View
Products Affected
postgresql
- postgresql
CWE
CWE-916
Use of Password Hash With Insufficient Computational Effort