Vulnerability Details CVE-2002-1657
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php
- http://marc.info/?l=bugtraq&m=111402558115859&w=2
- http://marc.info/?l=bugtraq&m=111403050902165&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20215
- http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php
- http://marc.info/?l=bugtraq&m=111402558115859&w=2
- http://marc.info/?l=bugtraq&m=111403050902165&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20215
Products affected by CVE-2002-1657
-
cpe:2.3:a:postgresql:postgresql:7.3.19