 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Date Reported: 4/23/2000 Vulnerability: postgresql-plaintext-passwords Platforms Affected: PostgreSQL Risk Factor: Medium Attack Type: Host Based PostgreSQL is an open-source relational database management system (DBMS) that supports SQL constructs. The program stores its usernames and passwords in plaintext format in a file called pg_shadow that is readable by the postgres user and root. A local attacker can run strings on the file to obtain database usernames and passwords. Reference: Bugtraq Mailing List: "Postgresql cleartext password storage" at: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000423220245.A2 -- Niall Kavanagh, niall at kst.com News, articles, and resources for web professionals and developers: http://www.kst.com - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
