Threat Encyclopedia

PostgreSQL: Reconnection can downgrade connection security settings

Description

Many PostgreSQL-provided client applications have options that create additional database connections. Some of those applications reuse only the basic connection parameters (e.g. host, user, port), dropping others. If this drops a security-relevant parameter (e.g. channel_binding, sslmode, requirepeer, gssencmode), the attacker has an opportunity to complete a MITM attack or observe cleartext transmission.
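
As an added illustration (not code from PostgreSQL or from this entry), the following Python sketch parses two libpq keyword/value connection strings and reports the security-relevant parameters that the second one lost or changed. The function names, the sample hostname and the sample strings are constructed; only the four parameter names come from the description above.

```python
# Added example: helper names and sample strings are constructed, not PostgreSQL code.
SECURITY_PARAMS = ("channel_binding", "sslmode", "requirepeer", "gssencmode")

def parse_conninfo(conninfo):
    """Parse a libpq keyword=value string, honoring single quotes and backslash escapes."""
    params, i, n = {}, 0, len(conninfo)
    while i < n:
        if conninfo[i].isspace():
            i += 1
            continue
        eq = conninfo.find("=", i)
        if eq == -1:
            raise ValueError("missing '=' after keyword at offset %d" % i)
        key = conninfo[i:eq].strip()
        i = eq + 1
        while i < n and conninfo[i].isspace():
            i += 1
        quoted = i < n and conninfo[i] == "'"
        if quoted:
            i += 1
        value = []
        while i < n:
            ch = conninfo[i]
            if ch == "\\" and i + 1 < n:  # backslash escapes the next character
                value.append(conninfo[i + 1])
                i += 2
                continue
            if (quoted and ch == "'") or (not quoted and ch.isspace()):
                break
            value.append(ch)
            i += 1
        if quoted:
            if i >= n:
                raise ValueError("unterminated quoted value for %r" % key)
            i += 1  # skip the closing quote
        params[key] = "".join(value)
    return params

def dropped_security_params(original, reconnect):
    """Map each security setting of `original` that `reconnect` lost or changed to (old, new)."""
    orig, new = parse_conninfo(original), parse_conninfo(reconnect)
    return {k: (orig[k], new.get(k)) for k in SECURITY_PARAMS
            if k in orig and new.get(k) != orig[k]}

# Constructed sample: the rebuilt string keeps only the basic parameters.
ORIGINAL = "host=db.example.internal port=5432 user=app sslmode=verify-full channel_binding=require"
REBUILT = "host=db.example.internal port=5432 user=app"
```

A non-empty result for a reconnection means the new connection no longer enforces a setting the operator asked for, which is the condition this entry describes.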

Affected Products

PostgreSQL

CVE References

CVE-2020-25694