2 matches found
CVE-2015-6817
CVE-2015-6817 affects PgBouncer 1.6.x before 1.6.1. The vulnerability allows a remote attacker to gain login access as auth_user via an unknown username when configured with the auth_user feature. Public references in multiple databases (NVD, OSV, CNVD, Debian tracker, Gentoo GLSA) corroborate th...
Pgbouncer 1.6 Invalid User Authentication Bypass
The version of Pgbouncer running on the remote host is affected by an authentication bypass vulnerability due to a flaw in the startauthrequest function within file client.c when handling requests for invalid users. A remote attacker can exploit this issue to bypass authentication and log into...