CVE-2002-1657

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*

History

09 Feb 2024, 03:06

Type Values Removed Values Added
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111402558115859&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111402558115859&w=2 - Mailing List
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/20215 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/20215 - Broken Link, VDB Entry
References (MLIST) http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php - (MLIST) http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php - Mailing List
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111403050902165&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111403050902165&w=2 - Mailing List
CWE NVD-CWE-Other CWE-916
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2002-1657

Mitre link : CVE-2002-1657

CVE.ORG link : CVE-2002-1657


JSON object : View

Products Affected

postgresql

  • postgresql
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort