CVE-2000-1199

MEDIUM severity · CVSS 4.6

4.6CVSS MEDIUM

Summary

PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)1%

AV:L/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

PostgreSQL

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://www.securityfocus.com/bid/1139Advisory
http://www.securityfocus.com/bid/1139Advisory
http://marc.info/?l=bugtraq&m=95659987018649&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/4364
http://marc.info/?l=bugtraq&m=95659987018649&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/4364