This script is Copyright (C) 2016 Tenable Network Security, Inc.
Synopsis :
The remote database connection pooler is affected by an
authentication bypass vulnerability.
Description :
The version of Pgbouncer running on the remote host is affected by an
authentication bypass vulnerability due to a flaw in the
start_auth_request() function within file client.c when handling
requests for invalid users. A remote attacker can exploit this issue
to bypass authentication and log into PostgreSQL via Pgbouncer using a
random user name.
See also :
Solution :
Upgrade to Pgbouncer version 1.6.1 or later. Alternatively, disable
'auth_user' in the Pgbouncer configuration.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
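
An added example (not part of the Tenable plugin or of Pgbouncer) that checks a host against the two remediation options in the solution text: it compares the reported version with 1.6.1 and lists every 'auth_user' setting in a pgbouncer.ini, both the global one and per-database overrides. The sample configuration and version string are constructed, and parse_version, auth_user_settings and audit are hypothetical helper names.

```python
import configparser
import re

FIXED = (1, 6, 1)  # first fixed release according to the solution text

# Constructed sample configuration, not taken from a real host.
SAMPLE_INI = """\
[databases]
appdb = host=127.0.0.1 port=5432 dbname=appdb auth_user=pgb_lookup
reports = host=127.0.0.1 dbname=reports

[pgbouncer]
auth_file = /etc/pgbouncer/userlist.txt
; global lookup user
auth_user = pgb_lookup
"""

def parse_version(text):
    """Turn '1.6' or 'PgBouncer 1.6.1' into a comparable 3-tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def auth_user_settings(ini_text):
    """Return (location, value) for every non-empty auth_user in the file."""
    cp = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), comment_prefixes=(";", "#"),
        allow_no_value=True, strict=False)
    cp.optionxform = str  # keep database names case-sensitive
    cp.read_string(ini_text)
    found = []
    if cp.has_section("pgbouncer"):
        value = (cp.get("pgbouncer", "auth_user", fallback="") or "").strip()
        if value:
            found.append(("[pgbouncer]", value))
    if cp.has_section("databases"):
        for db, connstr in cp.items("databases"):
            # Per-database override inside the connection string.
            m = re.search(r"(?:^|\s)auth_user\s*=\s*(\S+)", connstr or "")
            if m:
                found.append((f"[databases] {db}", m.group(1).strip("'")))
    return found

def audit(version_text, ini_text):
    """Exposed only if the release predates the fix AND auth_user is enabled."""
    settings = auth_user_settings(ini_text)
    unfixed = parse_version(version_text) < FIXED
    return {"unfixed_version": unfixed, "auth_user": settings,
            "exposed": unfixed and bool(settings)}
```

Calling audit("PgBouncer 1.6", SAMPLE_INI) reports the host as exposed and names both places where 'auth_user' would have to be removed if upgrading is not possible.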