PostgreSQL Password Hashes Enumeration Scanner
This scanner detects whether password hashes can be listed from a PostgreSQL database on the scanned asset. It helps identify exposed password hashes stored within PostgreSQL databases, so that the risk of unauthorized access can be mitigated.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 19 days 8 hours
Scan only one: Domain, IPv4
Toolbox: -
PostgreSQL is a powerful, open-source object-relational database system that has earned its reputation for reliability, feature robustness, and performance. Organizations of various sizes use PostgreSQL to manage their data-driven applications across different domains, from analytics to web services. Its extensibility and SQL compliance make it a widely used database in the industry. Many enterprises rely on PostgreSQL for critical business functions, hosting applications ranging from simple websites to complex data systems. The use of PostgreSQL spans many sectors, including finance, telecommunications, and government, reflecting its broad applicability. This widespread usage calls for robust security practices around its deployment and management.
One of the security issues that can arise with PostgreSQL is the exposure of password hashes stored in the database. Enumeration vulnerabilities allow unauthorized users to list sensitive data, such as password hashes, which could be exploited to gain unauthorized access. This vulnerability involves querying specific tables within the database to reveal cryptographic hashes of user passwords. Properly securing and managing these hashes is crucial, as their exposure can lead to severe security breaches. Users of PostgreSQL should be aware of this vulnerability and ensure their databases are configured to mitigate enumeration risks. Regular database audits and stringent access controls are part of best practices to prevent such vulnerabilities.
The technical aspect of this vulnerability involves gaining access to specific database tables such as 'pg_shadow' that store user account details, including password hashes. These table entries can be extracted using SQL queries, which may be executed if proper authentication and authorization checks are bypassed. Attackers might exploit default or weak configurations to perform these queries, thus accessing sensitive information. Understanding and securing these endpoints against unauthorized queries helps prevent unauthorized data access. Attention to database security settings is essential to limit exposure to enumeration attacks while maintaining necessary user functions.
If successfully exploited, this vulnerability can lead to unauthorized access to database systems by acquiring sensitive information such as password hashes. An attacker with access to these hashes could potentially use them for offline cracking efforts to reveal plaintext passwords. This may lead to increased exposure as attackers might gain further access to interconnected systems using cracked credentials. Beyond data breaches, exposure of such sensitive data can result in regulatory non-compliance and financial loss. Protecting against this vulnerability is vital to maintain the confidentiality and integrity of database systems.
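An added example (not part of the scanner or of the original page): a defender-side audit of the `passwd` values a superuser sees in `pg_shadow`, flagging roles still stored as legacy MD5 verifiers, which are the cheapest to attack offline, or as SCRAM-SHA-256 verifiers below an iteration floor. The sample rows, role names and the `MIN_ITERATIONS` policy value are constructed assumptions.

```python
import base64
import re

# pg_shadow.passwd holds either 'md5' + 32 hex digits, or
# SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> (base64 fields).
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$")
MIN_ITERATIONS = 4096  # assumed policy floor; equals PostgreSQL's default count


def classify(passwd):
    """Return (format, finding) for one stored value; finding is None when acceptable."""
    if not passwd:
        return "none", None  # NULL: the role has no password hash to expose
    if MD5_RE.match(passwd):
        return "md5", "legacy MD5 verifier; re-set the password under scram-sha-256"
    m = SCRAM_RE.match(passwd)
    if not m:
        return "unknown", "unrecognised format; inspect this role manually"
    try:
        keys = [base64.b64decode(f, validate=True) for f in m.group(3, 4)]
    except ValueError:  # binascii.Error is a ValueError subclass
        return "scram-sha-256", "malformed base64 in verifier"
    if any(len(k) != 32 for k in keys):
        return "scram-sha-256", "StoredKey/ServerKey are not 32 bytes"
    if int(m.group(1)) < MIN_ITERATIONS:
        return "scram-sha-256", f"only {m.group(1)} iterations (floor {MIN_ITERATIONS})"
    return "scram-sha-256", None


def audit(rows):
    """rows: (usename, passwd) pairs. Returns (role, format, finding) per flagged role."""
    checked = ((role, *classify(passwd)) for role, passwd in rows)
    return [c for c in checked if c[2]]


# Constructed sample rows (not real credentials): placeholder salt, all-zero keys.
_SALT = base64.b64encode(b"constructed-salt").decode()
_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE_ROWS = [
    ("app_rw", f"SCRAM-SHA-256$4096:{_SALT}${_KEY}:{_KEY}"),
    ("legacy_etl", "md5" + "0123456789abcdef" * 2),
    ("fast_scram", f"SCRAM-SHA-256$1000:{_SALT}${_KEY}:{_KEY}"),
    ("nologin_role", None),
]
```

Calling `audit(SAMPLE_ROWS)` reports `legacy_etl` and `fast_scram`; on a real server the rows would come from a superuser session, and the output should be handled as sensitive because it is derived from the hashes themselves.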