Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2009-3231

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9452)

WordPress Plugin Simple:Press Security Bypass and Arbitrary File Upload Vulnerabilities (4.1.2)

WordPress Plugin Database Backups Cross-Site Request Forgery (1.2.2.6)

WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1151)

Severity

Medium

Classification

CVE-2009-3231 CWE-287

Tags

Missing Update Known Vulnerabilities