STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords.

DISA Rule

SV-213598r508024_rule

Vulnerability Number

V-213598

Group Title

SRG-APP-000172-DB-000075

Rule Version

PPS9-00-004400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open "<postgresql data directory>/pg_hba.conf" in an editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

For any rows that have "password" specified for the "METHOD" column, change the value to "md5".

Check Contents

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have "password" specified for the "METHOD" column, this is a finding.
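The check above can be scripted. The following is an added example, not part of the STIG or of EDB's tooling: it locates the METHOD column of each pg_hba.conf record (its position depends on the record type and on whether the address is given as CIDR or as IP plus netmask) and reports rows that use "password". The function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl"}

def _is_bare_ip(token):
    """True for an IP address written without a /prefix (a netmask field follows it)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def method_of(tokens):
    """Return the METHOD field of a tokenized pg_hba.conf record, or None."""
    if not tokens:
        return None
    if tokens[0] == "local":
        idx = 3                      # local DATABASE USER METHOD
    elif tokens[0] in HOST_TYPES:
        # ADDRESS is one field (CIDR, hostname, keyword) or two (IP + netmask)
        idx = 5 if len(tokens) > 3 and _is_bare_ip(tokens[3]) else 4
    else:
        return None
    return tokens[idx] if len(tokens) > idx else None

def find_password_rows(text):
    """Return (line number, row) for every active record whose METHOD is 'password'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)   # drops # comments, honours quotes
        if method_of(tokens) == "password":
            findings.append((lineno, line.strip()))
    return findings

# Constructed sample; a database named "password" and a commented row must not match.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                      peer
host    all       all   127.0.0.1/32       md5
host    password  app   10.0.0.0/8         md5
host    all       all   192.168.1.0 255.255.255.0 password
hostssl all       all   0.0.0.0/0          password   # legacy client
# host  all       all   ::1/128            password
"""

if __name__ == "__main__":
    for lineno, row in find_password_rows(SAMPLE):
        print(f"finding: line {lineno}: {row}")
```

To run it against a live system, pass the contents of "<postgresql data directory>/pg_hba.conf" to find_password_rows in place of SAMPLE.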

Documentable

False

Severity Override Guidance

Open "<postgresql data directory>/pg_hba.conf" in a viewer or editor. (The default path for the postgresql data directory is /var/lib/ppas/9.5/data, but this will vary according to local circumstances.)

If any rows have "password" specified for the "METHOD" column, this is a finding.

Check Content Reference

M

Target Key

3988
