64 matches found

Github Security Blog
added 2025/06/11 2:44 p.m., 11 views

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

Impact: When the PostgreSQL JDBC driver is configured with channel binding set to "required" (the default value is "prefer"), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding, such as password, MD5, GSS, or SSPI authentication. This cou...

8.2 CVSS, 7.2 AI score, 0.00461 EPSS
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2025/06/11 2:32 p.m., 44 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to "required" (the default value is "prefer"), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS, 0.00461 EPSS
Exploits: 0, References: 2
AlpineLinux
added 2025/06/11 2:32 p.m., 2 views

CVE-2025-49146

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to "required" (the default value is "prefer"), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS, 7.6 AI score, 0.00461 EPSS
Exploits: 0
CVE
added 2025/06/11 2:32 p.m., 237 views

CVE-2025-49146

CVE-2025-49146 affects the PostgreSQL JDBC driver (pgjdbc). From 42.7.4 up to but not including 42.7.7, when channel binding is set to required, connections could proceed using non-SASL authentication methods (e.g., password, MD5, GSS, SSPI), enabling MITM interception. The issue is fixed in 42.7.7. Affected con...

8.2 CVSS, 7 AI score, 0.00461 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/06/11 2:32 p.m., 8 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to "required" (the default value is "prefer"), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS, 7 AI score, 0.00461 EPSS
Exploits: 0, References: 2
OSV
added 2025/06/11 2:32 p.m., 5 views

CVE-2025-49146 pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration

pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to "required" (the default value is "prefer"), the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2 CVSS, 7.3 AI score, 0.00461 EPSS
Exploits: 0, References: 4
CNNVD
added 2025/06/11 12:00 a.m., 2 views

pgJDBC authorization issue vulnerability

pgJDBC is an open source PostgreSQL JDBC driver. An authorization issue vulnerability exists in pgJDBC versions 42.7.4 to 42.7.7, stemming from the driver not enforcing the configured channel binding requirement, which could lead to a man-in-the-middle attack...

8.2 CVSS, 7.4 AI score, 0.00461 EPSS
Exploits: 0, References: 5
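The pgjdbc entries above all describe the same failure mode: with channel binding set to "require", the client must abort whenever the server steers it onto an authentication path that cannot carry channel binding (password, MD5, GSS, SSPI, or plain trust), because a TLS-terminating man-in-the-middle can trigger exactly that downgrade. The following is an added example, not pgjdbc's code, that models the client-side decision using the real AuthenticationRequest sub-codes of the PostgreSQL v3 wire protocol. `decide_vulnerable` is a hypothetical illustration of the bug shape the advisory describes (the "require" check living only inside the SASL branch); `decide_hardened` enforces it on every path. The mode names and function names are this example's own.

```python
from dataclasses import dataclass

# AuthenticationRequest sub-codes from the PostgreSQL v3 wire protocol.
AUTH_OK = 0
AUTH_KERBEROS_V5 = 2
AUTH_CLEARTEXT_PASSWORD = 3
AUTH_MD5_PASSWORD = 5
AUTH_GSS = 7
AUTH_SSPI = 9
AUTH_SASL = 10

# Methods on which channel binding cannot be verified at all.
NON_SASL_NAMES = {
    AUTH_OK: "trust",
    AUTH_KERBEROS_V5: "kerberos",
    AUTH_CLEARTEXT_PASSWORD: "password",
    AUTH_MD5_PASSWORD: "md5",
    AUTH_GSS: "gss",
    AUTH_SSPI: "sspi",
}


@dataclass(frozen=True)
class AuthRequest:
    """One AuthenticationRequest message as the client parses it."""
    code: int
    sasl_mechanisms: tuple = ()  # populated only when code == AUTH_SASL


class ChannelBindingError(Exception):
    """Raised when channelBinding=require cannot be honoured."""


def _pick_sasl(mechs, tls_active, mode):
    """Choose a SASL mechanism; only SCRAM-SHA-256-PLUS over TLS binds the channel."""
    if mode != "disable" and tls_active and "SCRAM-SHA-256-PLUS" in mechs:
        return "SCRAM-SHA-256-PLUS"
    if mode == "require":
        raise ChannelBindingError("server did not offer SCRAM-SHA-256-PLUS over TLS")
    if "SCRAM-SHA-256" in mechs:
        return "SCRAM-SHA-256"
    raise ChannelBindingError("no supported SASL mechanism offered: %r" % (mechs,))


def decide_vulnerable(req, tls_active, mode="prefer"):
    """Hypothetical flawed check: 'require' is enforced only inside the SASL
    branch, so a server (or MITM) asking for password/md5/gss/sspi is accepted."""
    if req.code == AUTH_SASL:
        return _pick_sasl(req.sasl_mechanisms, tls_active, mode)
    return NON_SASL_NAMES[req.code]


def decide_hardened(req, tls_active, mode="prefer"):
    """Enforce 'require' on every path: anything other than SCRAM-SHA-256-PLUS
    over TLS aborts before any credential material leaves the client."""
    if mode == "require" and not tls_active:
        raise ChannelBindingError("channel binding requires a TLS connection")
    if req.code == AUTH_SASL:
        return _pick_sasl(req.sasl_mechanisms, tls_active, mode)
    if mode == "require":
        raise ChannelBindingError(
            "server requested %s, which cannot carry channel binding"
            % NON_SASL_NAMES[req.code])
    return NON_SASL_NAMES[req.code]


# Constructed scenarios (not captured traffic): a MITM that terminates TLS and
# rewrites the server's request to MD5 so it can relay the client's response,
# and an honest server that offers both SCRAM variants.
MITM_DOWNGRADE = AuthRequest(AUTH_MD5_PASSWORD)
HONEST_SERVER = AuthRequest(AUTH_SASL, ("SCRAM-SHA-256-PLUS", "SCRAM-SHA-256"))


def demo():
    """Run both checks against the constructed scenarios with mode=require."""
    results = {"vuln_md5": decide_vulnerable(MITM_DOWNGRADE, True, "require")}
    try:
        decide_hardened(MITM_DOWNGRADE, True, "require")
        results["hard_md5"] = "proceeded"
    except ChannelBindingError as e:
        results["hard_md5"] = "aborted: " + str(e)
    results["hard_scram"] = decide_hardened(HONEST_SERVER, True, "require")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The point to verify in any client you operate: with channel binding required, the only acceptable first authentication request is a SASL offer containing SCRAM-SHA-256-PLUS over an active TLS session; a trust, password, MD5, GSS or SSPI request at that point is a downgrade and must be fatal, not merely "preferred against".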
Rapid7 Blog
added 2024/05/17 8:11 p.m., 18 views

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements: This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP-related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

7.5 AI score
Exploits: 0
OSV
added 2023/01/18 6:06 p.m., 20 views

GO-2023-1268 Authentication failure in mellium.im/sasl

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 CVSS, 9.4 AI score, 0.00883 EPSS
Exploits: 0, References: 2
Veracode
added 2023/01/10 7:21 a.m., 24 views

Authentication Bypass

github.com/mellium/sasl is vulnerable to authentication bypass. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty, causing authentication to fail in the best case, which may lead to...

9.8 CVSS, 9.1 AI score, 0.00883 EPSS
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/12/31 3:30 a.m., 25 views

GHSA-GVFJ-FXX3-J323 mellium.im/sasl authentication failure due to insufficient nonce randomness

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 CVSS, 9.4 AI score, 0.00883 EPSS
Exploits: 0, References: 6
Github Security Blog
added 2022/12/31 3:30 a.m., 37 views

mellium.im/sasl authentication failure due to insufficient nonce randomness

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 CVSS, 9 AI score, 0.00883 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/12/31 1:15 a.m., 5 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 CVSS, 5.8 AI score, 0.00883 EPSS
Exploits: 0, References: 1
NVD
added 2022/12/31 1:15 a.m., 21 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 CVSS, 0.00883 EPSS
Exploits: 0, References: 1
Prion
added 2022/12/31 1:15 a.m., 15 views

Authentication flaw

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

7.5 CVSS, 9.4 AI score, 0.00883 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/12/31 12:00 a.m., 23 views

CVE-2022-48195

An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated; instead, the nonce is empty. This causes authentication to fail in the best case, but if paired...

9.8 AI score, 0.00883 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/12/31 12:00 a.m., 9 views

Mellium authorization issue vulnerability

Mellium is a library providing functionality for the Extensible Messaging and Presence Protocol (XMPP). A security vulnerability exists in Mellium mellium.im/sasl versions prior to v0.3.1, stemming from the fact that when performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, it...

9.8 CVSS, 8.3 AI score, 0.00883 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2022/12/31 12:00 a.m., 4 views

PT-2022-28120 · Mellium · Mellium.Im/Sasl

Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/sasl versions prior to 0.3.1. Description: An issue was discovered in Mellium mellium.im/sasl when performing SCRAM-based SASL authentication. If the remote end advertises support for channel binding, no random nonce is...

9.8 CVSS, 9.4 AI score, 0.00883 EPSS
Exploits: 0, References: 10
CVE
added 2022/12/31 12:00 a.m., 86 views

CVE-2022-48195

The CVE-2022-48195 issue affects Mellium mellium.im/sasl prior to v0.3.1. During SCRAM-based SASL authentication, if the remote end advertises channel binding, the implementation fails to generate a random nonce (the nonce becomes empty). This can cause authentication to fail, and in configuratio...

9.8 CVSS, 9.4 AI score, 0.00883 EPSS
Exploits: 0, References: 1, Affected Software: 1
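The mellium.im/sasl entries above (GO-2023-1268 / CVE-2022-48195) all describe one bug: when the peer advertises channel binding, the SCRAM client nonce is left empty. The example below is added here and is not mellium's code. `client_first_vulnerable` is a hypothetical illustration of that bug shape (nonce generation living only on the non-binding path); `client_first_hardened` always generates the nonce and refuses an empty one. `check_client_first` and `check_server_first` are the standard RFC 5802 checks on the two messages, written to show why an empty client nonce matters: the server-first nonce must begin with the client nonce, and every string begins with the empty string, so without an explicit emptiness check the prefix test passes for any value an attacker supplies. The binding name "tls-unique", the 24-byte nonce size and the 16-character minimum are this example's assumptions.

```python
import re
import secrets

NONCE_BYTES = 24  # assumption: 192 bits; RFC 5802 only requires printable, comma-free chars


def escape_username(user):
    """RFC 5802 username escaping: '=' -> '=3D', ',' -> '=2C' (order matters)."""
    return user.replace("=", "=3D").replace(",", "=2C")


def gs2_header(server_offers_plus, cb_name="tls-unique"):
    """gs2-header: 'p=<name>' when binding is used, 'y' when the client supports
    binding but the server did not offer a -PLUS mechanism (downgrade signal)."""
    return ("p=%s,," % cb_name) if server_offers_plus else "y,,"


def client_first_vulnerable(user, server_offers_plus):
    """Hypothetical bug shape: the nonce is only generated on the
    no-channel-binding path, so the -PLUS path sends an empty r= attribute."""
    nonce = "" if server_offers_plus else secrets.token_urlsafe(NONCE_BYTES)
    return gs2_header(server_offers_plus) + "n=%s,r=%s" % (escape_username(user), nonce)


def client_first_hardened(user, server_offers_plus, nonce=None):
    """Always generate the nonce, independent of the binding decision, and
    refuse to emit a message whose nonce is empty or malformed."""
    if nonce is None:
        nonce = secrets.token_urlsafe(NONCE_BYTES)
    if not nonce or "," in nonce:
        raise ValueError("client nonce must be non-empty and comma-free")
    return gs2_header(server_offers_plus) + "n=%s,r=%s" % (escape_username(user), nonce)


# gs2-cbind-flag "," [authzid] "," "n=" user "," "r=" nonce
CLIENT_FIRST_RE = re.compile(r"^(?:n|y|p=[^,]+),(?:a=[^,]*)?,n=([^,]*),r=([^,]*)$")


def check_client_first(msg, min_nonce_len=16):
    """Server-side (or test-side) validation of client-first-message.
    Returns (cbind_flag, user, nonce) or raises ValueError."""
    m = CLIENT_FIRST_RE.match(msg)
    if not m:
        raise ValueError("malformed client-first-message")
    user, nonce = m.group(1), m.group(2)
    if len(nonce) < min_nonce_len:
        raise ValueError("client nonce too short (%d chars)" % len(nonce))
    return msg.split(",", 1)[0], user, nonce


def check_server_first(client_nonce, server_first):
    """Client-side validation of server-first-message ('r=...,s=...,i=...').
    The combined nonce must start with our nonce and extend it. The explicit
    emptiness check is what makes the prefix test meaningful: with an empty
    client nonce, any server value would satisfy startswith('')."""
    attrs = dict(part.split("=", 1) for part in server_first.split(","))
    combined = attrs["r"]
    if not client_nonce or not combined.startswith(client_nonce) \
            or len(combined) <= len(client_nonce):
        raise ValueError("server nonce does not extend client nonce")
    return combined[len(client_nonce):]


if __name__ == "__main__":
    # Constructed messages, not captured traffic.
    bad = client_first_vulnerable("alice", server_offers_plus=True)
    good = client_first_hardened("alice", server_offers_plus=True)
    for label, msg in (("vulnerable", bad), ("hardened", good)):
        try:
            print(label, "->", check_client_first(msg))
        except ValueError as e:
            print(label, "-> rejected:", e)
```

When auditing a SCRAM client, feed it a server that advertises the -PLUS mechanism and inspect the r= attribute of client-first-message on the wire: it must be non-empty, fresh per session, and echoed back as the prefix of the server nonce before the client computes its proof.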
OpenVAS
added 2022/01/28 12:00 a.m., 27 views

Mageia: Security Advisory (MGASA-2021-0298)

The remote host is missing an update for the ... (script text Copyright 2022 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders)...

5.9 CVSS, 6.5 AI score, 0.03566 EPSS
Exploits: 0, References: 7