Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2009-3231

Related Vulnerabilities

PostgreSQL Improper Input Validation Vulnerability (CVE-2014-0066)

WordPress Plugin Cherry Cross-Site Scripting (1.2.8.1)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.3)

Ruby Improper Input Validation Vulnerability (CVE-2009-5147)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29526)

Severity

Medium

Classification

CVE-2009-3231 CWE-287

Tags

Missing Update Known Vulnerabilities