3 matches found
RLSA-2026:28208 Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 For more details about the security issues, including the impact, a CVSS score,...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
UBUNTU-CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...