PT-2017-2780 · Postgresql+4 · Postgresql+4

Published

2017-05-04

Updated

2026-01-30

CVE-2017-7546

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 9.2.22 PostgreSQL versions prior to 9.3.18 PostgreSQL versions prior to 9.4.13 PostgreSQL versions prior to 9.5.8 PostgreSQL versions prior to 9.6.4

Description The issue is related to incorrect authentication in PostgreSQL, allowing remote attackers to gain access to database accounts with an empty password. This is due to flaws in the authentication procedure. The exploitation of this issue can enable a remote attacker to access a database account that has an empty password.

Recommendations For versions prior to 9.2.22, update to version 9.2.22 or later. For versions prior to 9.3.18, update to version 9.3.18 or later. For versions prior to 9.4.13, update to version 9.4.13 or later. For versions prior to 9.5.8, update to version 9.5.8 or later. For versions prior to 9.6.4, update to version 9.6.4 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2017-02038

CESA-2017_2728

CESA-2017_2860

CLEANSTART-2026-FW42039

CLEANSTART-2026-HJ04971

CVE-2017-7546

DLA-1051-1

DSA-3935-1

DSA-3936-1

MGASA-2017-0316

OPENSUSE-SU-2017_2306-1

OPENSUSE-SU-2017_2391-1

OPENSUSE-SU-2017_2392-1

OPENSUSE-SU-2018_0529-1

RHSA-2017:2677

RHSA-2017:2678

RHSA-2017:2728

RHSA-2017:2860

RHSA-2017_2728

RHSA-2017_2860

SUSE-SU-2017:2236-1

SUSE-SU-2017:2258-1

SUSE-SU-2017:2355-1

SUSE-SU-2017:2356-1

SUSE-SU-2017_2236-1

SUSE-SU-2017_2258-1

SUSE-SU-2017_2355-1

SUSE-SU-2017_2356-1

USN-3390-1

Affected Products

Centos

Postgresql

Red Hat

Suse

Ubuntu

PT-2017-2780 · Postgresql+4 · Postgresql+4

CVE-2017-7546

Weakness Enumeration

Related Identifiers

Affected Products

References · 127