Vulnerabilities > CVE-2002-1657 - Use of Password Hash With Insufficient Computational Effort vulnerability in Postgresql 7.3.19

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

postgresql

CWE-916

NVD

Published: 2002-12-31

Updated: 2024-02-09

Summary

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 7.3.19	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php
http://marc.info/?l=bugtraq&m=111402558115859&w=2
http://marc.info/?l=bugtraq&m=111403050902165&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20215