
EP11-00-004850 – The EDB Postgres Advanced Server password file must not be used.

Details

The EDB Postgres password file can contain passwords to be used if the connection allows a password (and no password has been specified otherwise).

This file contains lines of the following format:

hostname:port:database:username:password

It is critically important to system security that use of a password file be avoided, as it stores passwords in plain text. Any user with access to this file could potentially compromise the security of the database.

Solution

Remove any password files present on the server and implement a more secure form of authentication.

The DoD standard for authentication is DoD-approved PKI certificates.
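
One way to check a host for this finding, as an added example that is not part of the original control text: the PowerShell below looks for password files and reports which accounts each one holds, without printing the stored passwords. It assumes the standard libpq location (`%APPDATA%\postgresql\pgpass.conf` in each profile, with profiles under `C:\Users`) plus any `PGPASSFILE` override, and an elevated session so other users' profiles are readable; the function names are illustrative.

```powershell
# Added example: read-only audit for libpq password files on a Windows host.
# Assumptions: profiles live under C:\Users; files are at the standard libpq
# location or wherever the PGPASSFILE environment variable points.

function ConvertFrom-PgPassLine {
    param([string]$Line)
    if ($Line -match '^\s*(#|$)') { return $null }    # comment or blank line
    # Split on unescaped ':' only; a field may contain '\:' or '\\'.
    $fields = @(); $cur = ''; $esc = $false
    foreach ($ch in $Line.ToCharArray()) {
        if ($esc)            { $cur += $ch; $esc = $false }
        elseif ($ch -eq '\') { $esc = $true }
        elseif ($ch -eq ':') { $fields += $cur; $cur = '' }
        else                 { $cur += $ch }
    }
    $fields += $cur
    if ($fields.Count -ne 5) { return $null }         # not hostname:port:database:username:password
    # The fifth field (the password) is deliberately left out of the result.
    [pscustomobject]@{ Hostname = $fields[0]; Port = $fields[1]
                       Database = $fields[2]; Username = $fields[3] }
}

function Get-PgPassFinding {
    param([string[]]$Path)
    foreach ($p in ($Path | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Leaf) })) {
        $entries = @(Get-Content -LiteralPath $p |
                     ForEach-Object { ConvertFrom-PgPassLine $_ } | Where-Object { $_ })
        [pscustomobject]@{
            File     = $p
            Owner    = (Get-Acl -LiteralPath $p).Owner
            # Accounts whose passwords were stored in the file (passwords not shown).
            Accounts = ($entries | ForEach-Object {
                '{0}@{1}:{2}/{3}' -f $_.Username, $_.Hostname, $_.Port, $_.Database }) -join '; '
        }
    }
}

# Candidate files: each profile's default location plus any PGPASSFILE override.
$candidates = @(Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\postgresql\pgpass.conf' `
                    -Force -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName)
foreach ($scope in 'Process', 'User', 'Machine') {
    $candidates += [Environment]::GetEnvironmentVariable('PGPASSFILE', $scope)
}
Get-PgPassFinding -Path ($candidates | Select-Object -Unique) | Format-List
```

Any object returned is a finding under this control; no output means no password file was found in the locations checked.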

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.


Updated on July 16, 2022