Bugtraq mailing list archives
Postgresql cleartext password storage
From: rvdm () CISTRON NL (Robert van der Meulen)
Date: Sun, 23 Apr 2000 22:02:45 +0200
Hi, While migrating some postgres databases to a different server (including user accounts) i noticed the following problem in the way postgres stores user passwords: SmellyCat:/var/postgres/data# strings pg_shadow someaccountname someaccountpassword anotheraccountname anotheraccountpassword SmellyCat:/var/postgres/data# This means postgresql stores usernames and passwords, cleartext, in pg_shadow. pg_shadow (and the other administrative tables) are owned by user postgres, and only readable by user postgres, although modifying them trough the pgsql monitor is usually protected by a password. The passwords being cleartext, and readable by user postgres (and root, ofcourse), allows bypassing the password mechanism, and gives access to all databases. (compromising user 'postgres' or reading the pg_shadow file gives access to the usernames/passwords) Ofcourse this came in handy for me, but i think it's not the way it should be:) I tested this on postgres versions 6.3.2 and 6.5.3 , others probably experience this problem as well. This message is mailed to bugtraq, and Cc'd to the postgresql developers. Greets, Robert van der Meulen/Emphyrio -- | rvdm () cistron nl - Cistron Internet Services - www.cistron.nl | | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. |
Current thread:
- Re: CVS DoS, (continued)
- Re: CVS DoS Kris Kennaway (Apr 24)
- Re: CVS DoS Kris Kennaway (Apr 24)
- finding Meeting Maker passwords using tcpdump mhpower () MIT EDU (Apr 24)
- ZoneAlarm Vulnerability Alfred Huger (Apr 25)
- Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Laurent LEVIER (Apr 25)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Casper Dik (Apr 26)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Dimitri Avgoustakis (Apr 26)
- Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Theodor R. Gislason (Apr 26)
- SECURITY: UPDATED - RHSA-2000:014 New Piranha release available Cristian Gafton (Apr 26)
- gpm-root initgroups() Koblinger Egmont (Apr 23)
- Postgresql cleartext password storage Robert van der Meulen (Apr 23)
- Re: Postgresql cleartext password storage Alexandru Popa (Apr 24)
- Re: ZoneAlarm Stephen M. Milton (Apr 24)