Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PgBouncer default auth_query does not take Postgres password expiry into account
Vulnerability Description
Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用已过期的密钥
Vulnerability Title
PgBouncer 安全漏洞
Vulnerability Description
PgBouncer是PgBouncer社区的一个 PostgreSql 的开源轻量级连接池。 PgBouncer存在安全漏洞,该漏洞源于auth_query未考虑Postgres的VALID UNTIL值,可能导致使用过期密码登录。
CVSS Information
N/A
Vulnerability Type
N/A