September 28, 2001

Conectiva: mod_auth_pgsql remote authentication vulnerability

Author: JT Smith

Posted at "'mod_auth_mysql' is an authentication module for apache which
authenticates users against a PostgreSQL database.
RUS-CERT discovered a vulnerability in several Apache
authentication modules which use SQL databases to retrieve user
information. This vulnerability allows a remote attacker to change
the query that the module sends to the SQL server and circumvent the
authentication process."


  • Linux
Click Here!