ID CVE-2000-1199
Summary PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 1139
bugtraq 20000423 Postgresql cleartext password storage
xf postgresql-plaintext-passwords(4364)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-12-2017 - 02:29
Published 31-08-2001 - 04:00
Last modified 19-12-2017 - 02:29
Back to Top