Описание
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| postgresql | unfixed | package |
Примечания
This is not a real world problem; it's only applicable in rare circurstances
like someone analysing stolen user database information and even then the gain
is slim. In that case SHA256 hashes would be more appropriate anyway.
EPSS
Процентиль: 60%
0.00398
Низкий
Связанные уязвимости
CVSS3: 7.5
nvd
больше 22 лет назад
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVSS3: 7.5
github
около 3 лет назад
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
EPSS
Процентиль: 60%
0.00398
Низкий