CVE-2009-3231

Postgresql < 8.2.14 - Authentication Bypass

Title source: rule

Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

References (17)

Scores

EPSS 0.0496
EPSS Percentile 89.5%

Classification

CWE
CWE-287
Status draft

Affected Products (11)

postgresql/postgresql < 8.2.14
opensuse/opensuse < 11.1
suse/linux_enterprise
suse/linux_enterprise
suse/linux_enterprise_server
fedoraproject/fedora
fedoraproject/fedora
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Sep 17, 2009
Tracked Since Feb 18, 2026