2 matches found
UBUNTU-CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
CVE-2026-6478
CVE-2026-6478 enables a covert timing channel during MD5 password comparison in PostgreSQL authentication, allowing credential recovery sufficient to authenticate. The issue does not affect scram-sha-256 passwords. It can affect databases with MD5-hashed passwords originating from upgrades from P...