cbcvebase.
CVE-2017-7546
published 2017-08-16

Priority P181 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 61.57% (99.1th percentile)

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.

Affected

83 ranges · showing 25
Vendor        Product        Version range   Fixed in
debian        debian_linux
postgresql    postgresql     (24 ranges)

Detection & IOCs (extracted from sources)

  • Authentication bypass is possible when a PostgreSQL account has an empty password — an attacker can authenticate successfully by sending an empty password even though libpq refuses to transmit one, meaning server-side authentication methods (e.g. md5) incorrectly accept the empty credential
  • Monitor PostgreSQL authentication logs for successful logins to accounts that are believed to have password login disabled or that are configured with empty passwords; unexpected successful authentications to such accounts indicate exploitation
  • The upstream fix is available at the referenced commit; patch presence/absence can be used to confirm vulnerable vs. patched state of a PostgreSQL installation
  • The vulnerability affects PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8, and 9.6.4; accounts are only exploitable if they have an empty password set in the database
  • Several authentication methods, including the widely used 'md5' method, are affected; the flaw may have given a false impression that an empty password disabled the account, but it does not

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
osv                       9.8     CRITICAL
vendor_redhat             9.8     CRITICAL
vendor_ubuntu             9.8     CRITICAL