STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

If passwords are used for authentication, the EDB Postgres Advanced Server must store only hashed, salted representations of passwords.

DISA Rule

SV-213597r508024_rule

Vulnerability Number

V-213597

Group Title

SRG-APP-000171-DB-000074

Rule Version

PPS9-00-004300

Severity

CAT II

CCI(s)

• CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET password_encryption = on;
SELECT pg_reload_conf();

Check Contents

Execute the following SQL as enterprisedb:

SHOW password_encryption;

If the value is not "on", this is a finding.

Vulnerability Number

V-213597

Documentable

False

Rule Version

PPS9-00-004300

Severity Override Guidance

Execute the following SQL as enterprisedb:

SHOW password_encryption;

If the value is not "on", this is a finding.

Check Content Reference

M

Target Key

3988

Comments