Windows installer writes superuser password to unprotected temporary file
The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read the PostgreSQL superuser password from the file.
The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read the PostgreSQL superuser password from the file.
The PostgreSQL project thanks Noah Misch for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 11 | 11.5 | 2019-08-08 |
| 10 | 10.10 | 2019-08-08 |
| 9.6 | 9.6.15 | 2019-08-08 |
| 9.5 | 9.5.19 | 2019-08-08 |
| 9.4 | 9.4.24 | 2019-08-08 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 6.7 |
|---|---|
| Component | packaging |
| Vector | AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.
Vulmon