PostgreSQL Empty Password Handling Remote Authentication Bypass
High Nessus Plugin ID 104031
SynopsisPostgresql has a flaw that allows the attacker to login with empty password.
DescriptionPostgreSQL contains a flaw that is triggered when attempting to authenticate to the database with an empty password using a modified or a non-libpq-based client. This allows a remote attacker to bypass authentication mechanisms.
SolutionUpgrade to PostgreSQL 9.6.4, 9.5.8, 9.4.13, 9.3.18, 9.2.22 or later.