STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide. Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

If passwords are used for authentication, the EDB Postgres Advanced Server must store only hashed, salted representations of passwords.

DISA Rule

SV-224167r508023_rule

Vulnerability Number

V-224167

Group Title

SRG-APP-000171-DB-000074

Rule Version

EP11-00-004300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET password_encryption = "scram-sha-256";
SELECT pg_reload_conf();

Check Contents

Execute the following SQL as enterprisedb:

SHOW password_encryption;

If the value returned for the password_encryption parameter is not "scram-sha-256", this is a finding unless otherwise documented as approved for the system.
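
The check above reads only the current setting, which governs how passwords set from now on are hashed; verifiers already stored in another format stay as they are until each password is set again. The following queries are an added example, not part of the STIG text, and assume EDB Postgres Advanced Server exposes the standard PostgreSQL catalogs pg_authid and pg_settings:

```sql
-- Added example (not from the STIG). Run as a superuser such as enterprisedb;
-- pg_authid is not readable by ordinary roles.

-- 1. Where does the effective password_encryption value come from?
--    After ALTER SYSTEM plus pg_reload_conf(), sourcefile should point at
--    postgresql.auto.conf.
SELECT name, setting, source, sourcefile, pending_restart
FROM pg_catalog.pg_settings
WHERE name = 'password_encryption';

-- 2. Which login roles still carry a verifier that is not SCRAM-SHA-256?
--    Roles reported as 'md5' keep that hash until their password is set again
--    while password_encryption is scram-sha-256.
SELECT rolname,
       CASE
           WHEN rolpassword IS NULL                 THEN 'no password stored'
           WHEN rolpassword LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
           WHEN rolpassword ~ '^md5[0-9a-f]{32}$'   THEN 'md5'
           ELSE 'unrecognized format'
       END AS stored_format,
       rolvaliduntil
FROM pg_catalog.pg_authid
WHERE rolcanlogin
ORDER BY stored_format, rolname;
```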

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4107

Comments