EP11-00-004850 - The EDB Postgres Advanced Server password file must not be used.

Information

The EDB Postgres password file can contain passwords to be used if the connection allows a password (and no password has been specified otherwise).

This file contain lines of the following format:
hostname:port:database:username:password

It is critically important to system security that use of a password file be avoided as it stores passwords in plain text. Any user with access to these could potentially compromise the security of the database.

Solution

Remove any password files present on the server and implement a more secure form of authentication.

The DoD standard for authentication is DoD-approved PKI certificates.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_EDB_PGS_Advanced_Server_v11_Windows_V2R3_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-224173r879887_rule, STIG-ID|EP11-00-004850, STIG-Legacy|SV-110213, STIG-Legacy|V-101109, Vuln-ID|V-224173

Plugin: Windows

Control ID: f3d7aad8b68a16b2258fb34e03a475fa944ed4919b782c1cbd4dbb507f9040b2