PostgreSQL CVE-2020-25694 Weak Encryption Vulnerability

Description

Many PostgreSQL-provided client applications have options that create additional database connections. Some of those applications reuse only the basic connection parameters (e.g. host, user, port), dropping others. If this drops a security-relevant parameter (e.g. channel_binding, sslmode, requirepeer, gssencmode), the attacker has an opportunity to complete a MITM attack or observe cleartext transmission.
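The following is an added example, not PostgreSQL's code: it models the parameter drop described above and a check that flags it. The function names and the sample connection string are constructed for illustration, and the parser handles only the keyword/value form of a connection string.

```python
import re

# Keywords taken from the advisory text above.
BASIC_PARAMS = ("host", "user", "port")
SECURITY_PARAMS = ("channel_binding", "sslmode", "requirepeer", "gssencmode")

# keyword = value, where value is bare or single-quoted with backslash escapes.
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:\\.|[^'\\])*)'|((?:\\.|[^\s'\\])*))")

def parse_conninfo(conninfo):
    """Parse a keyword/value connection string (not the URI form) into a dict."""
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError(f"malformed conninfo near offset {pos}")
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)  # undo \' and \\
        pos = m.end()
    return params

def reconnect_basic_only(params, dbname):
    """Flawed pattern: the extra connection keeps only host, user and port."""
    derived = {k: params[k] for k in BASIC_PARAMS if k in params}
    derived["dbname"] = dbname
    return derived

def reconnect_preserving(params, dbname):
    """Corrected pattern: copy every original parameter, override only dbname."""
    return {**params, "dbname": dbname}

def dropped_security_params(original, derived):
    """Security-relevant settings the first connection had and the new one lacks."""
    return {k: original[k] for k in SECURITY_PARAMS
            if k in original and derived.get(k) != original[k]}

# Constructed sample: what an operator might pass to a client tool.
SAMPLE = ("host=db.example.internal port=5432 user=app dbname=postgres "
          "sslmode=verify-full channel_binding=require "
          "application_name='nightly job'")

if __name__ == "__main__":
    first = parse_conninfo(SAMPLE)
    for name, build in (("basic-only", reconnect_basic_only),
                        ("preserving", reconnect_preserving)):
        lost = dropped_security_params(first, build(first, "sales"))
        print(f"{name}: dropped {lost or 'nothing'}")
```

A setting missing from the derived connection falls back to the client library's default, which is how a connection the operator pinned to verify-full can end up negotiated with weaker guarantees.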

Affected Applications

PostgreSQL

CVE References

CVE-2020-25694