STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server password file must not be used.

DISA Rule

SV-224173r508023_rule

Vulnerability Number

V-224173

Group Title

SRG-APP-000516-DB-000363

Rule Version

EP11-00-004850

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove any password files present on the server and implement a more secure form of authentication.

The DoD standard for authentication is DoD-approved PKI certificates.

Check Contents

Check DBMS settings to determine whether a password file is being used.

On Windows the default file name and location is:
%APPDATA%\postgresql\pgpass.conf (where %APPDATA% refers to the Application Data subdirectory in the user's profile).
Alternatively, a password file can be specified using the connection parameter passfile or the environment variable PGPASSFILE.

If a password file exists, this is a finding.
If a password file is not in use, this is not a finding.
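
The file-based part of this check can be scripted. The PowerShell below is an added example, not part of the STIG or of EDB's tooling: it looks for pgpass.conf in the default location under every user profile and follows any PGPASSFILE override visible to the current session. The function name Get-PgPassFileFinding, the C:\Users profile root and the unredirected AppData\Roaming path are assumptions.

```powershell
# Added example: locate password files for check EP11-00-004850.
# Run from an elevated session so other users' profiles are readable.
function Get-PgPassFileFinding {
    [CmdletBinding()]
    param(
        # Assumption: profiles live under the default <SystemDrive>\Users root.
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )

    $candidates = [System.Collections.Generic.List[object]]::new()

    # 1. Default location, %APPDATA%\postgresql\pgpass.conf, for every profile.
    #    Assumption: %APPDATA% is the unredirected AppData\Roaming folder.
    Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $candidates.Add([pscustomobject]@{
                Source = "default location ($($_.Name))"
                Path   = Join-Path $_.FullName 'AppData\Roaming\postgresql\pgpass.conf'
            })
        }

    # 2. PGPASSFILE override at process, current-user and machine scope.
    foreach ($scope in 'Process', 'User', 'Machine') {
        $value = [Environment]::GetEnvironmentVariable('PGPASSFILE', $scope)
        if ($value) {
            $candidates.Add([pscustomobject]@{
                Source = "PGPASSFILE ($scope scope)"
                Path   = [Environment]::ExpandEnvironmentVariables($value)
            })
        }
    }

    # Keep only the candidates that exist on disk as files.
    $candidates |
        Where-Object { Test-Path -LiteralPath $_.Path -PathType Leaf } |
        Sort-Object -Property Path -Unique
}

$found = @(Get-PgPassFileFinding)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize -Wrap
    Write-Output 'FINDING: a password file exists.'
} else {
    Write-Output 'No password file found in the locations checked.'
}
```

The script does not see a passfile connection parameter set inside application connection strings, nor PGPASSFILE values set for other users' accounts, so review those separately before recording the result.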

Documentable

False

Check Content Reference

M

Target Key

4107

Comments