Re: BUG #16433: Information disclosure via log file

On Wed, May 13, 2020 at 12:41 PM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 16433
> Logged by: lokesh goyal
> Email address: lovely(dot)goyal1998(at)gmail(dot)com
> PostgreSQL version: 9.5.0
> Operating system: website
> Description:
>
> Information disclosure is a critical bug because it contains the
> information
> related to user name, mail_id , password or etc. And i got a log file which
> contain the administrator mail_id, username or password and also it contain
> a database details so it must be secure. Because it is very useful for
> attacker to takeover any other users database without authentication.
> Hope you check this log file.
>

>
> Vulnerable link: This is the vulnerable link which disclose install.log
> file
> which contain administrator details.
>
>
> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=2ahUKEwiz9bOPyrDpAhWMfn0KHQiECysQFjADegQIAxAB&url=https%3A%2F%2Fgroups.google.com%2Fgroup%2Fdataverse-community%2Fattach%2F5cbd71aaad706%2Finstall.log%3Fpart%3D0.2&usg=AOvVaw2zmOeHsbl07Gsvt2TXqDai
>
>
This log file is not from PostgreSQL. It appears to be from a product
called "dataverse", so you probably want to contact those people instead.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>