The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2009-09-17 10:30
Updated : 2025-04-09 00:30
NVD link : CVE-2009-3231
Mitre link : CVE-2009-3231
CVE.ORG link : CVE-2009-3231
JSON object : View
Products Affected
opensuse
- opensuse
canonical
- ubuntu_linux
postgresql
- postgresql
suse
- linux_enterprise_server
- linux_enterprise
fedoraproject
- fedora
CWE
CWE-287
Improper Authentication