Description

PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.

Remediation

References

CVE-2000-1199

Related Vulnerabilities

WordPress Plugin Teamleader CRM Forms Cross-Site Scripting (2.0.0)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-46158)

IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1489)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7888)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2413)

Severity

Medium

Classification

CVE-2000-1199

Tags

Missing Update Known Vulnerabilities