vulnerability
Oracle Linux: CVE-2017-7546: ELSA-2017-2728: postgresql security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 10, 2017 | Sep 15, 2017 | Dec 4, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 10, 2017
Added
Sep 15, 2017
Modified
Dec 4, 2025
Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
Solutions
oracle-linux-upgrade-postgresqloracle-linux-upgrade-postgresql-contriboracle-linux-upgrade-postgresql-develoracle-linux-upgrade-postgresql-docsoracle-linux-upgrade-postgresql-libsoracle-linux-upgrade-postgresql-plperloracle-linux-upgrade-postgresql-plpythonoracle-linux-upgrade-postgresql-pltcloracle-linux-upgrade-postgresql-serveroracle-linux-upgrade-postgresql-staticoracle-linux-upgrade-postgresql-testoracle-linux-upgrade-postgresql-upgrade
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.