| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | lovely(dot)goyal1998(at)gmail(dot)com |
| Subject: | BUG #16433: Information disclosure via log file |
| Date: | 2020-05-13 10:06:51 |
| Message-ID: | 16433-329df1ba83ea1bd8@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 16433
Logged by: lokesh goyal
Email address: lovely(dot)goyal1998(at)gmail(dot)com
PostgreSQL version: 9.5.0
Operating system: website
Description:
Information disclosure is a critical bug because it contains the information
related to user name, mail_id , password or etc. And i got a log file which
contain the administrator mail_id, username or password and also it contain
a database details so it must be secure. Because it is very useful for
attacker to takeover any other users database without authentication.
Hope you check this log file.
Vulnerable link: This is the vulnerable link which disclose install.log file
which contain administrator details.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2020-05-13 10:43:46 | Re: BUG #16432: ECCN code for PGAdmin 3 and 4 |
| Previous Message | PG Bug reporting form | 2020-05-13 09:28:06 | BUG #16432: ECCN code for PGAdmin 3 and 4 |