PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00398
Percentile: 0.59787

CVSS Scoring

Mapped CWE(s)

• CWE-916 : Use of Password Hash With Insufficient Computational Effort

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1110.002 : Password Cracking
  Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*

← Back to Home