Name | CVE-2002-1657 |
Description | PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
postgresql | source | (unstable) | (unfixed) | unimportant | | |
Notes
This is not a real world problem; it's only applicable in rare circurstances
like someone analysing stolen user database information and even then the gain
is slim. In that case SHA256 hashes would be more appropriate anyway.