PostgreSQL Challenge-Response Authentication using the AUTH_REQ_MD5 method, or simply configuring "md5" as the Host Based Authentication (HBA) method in pg_hba.conf, is the default setting on many Linux distributions and is also recommended in the default configuration on GitHub:

METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that "password" sends passwords in clear text; "md5" is preferred since it sends encrypted passwords.

It has a severe protocol design weakness. The weakness we have found here, and that we can demonstrate with proof-of-concept (POC) code, is also known as a pass-the-hash (PTH) vulnerability [1].
More here: https://hashcat.net/misc/postgres-pth/postgres-pth.pdf
Proofs of concept are available at the following links:
https://hashcat.net/misc/postgres-pth/postgresql_diff_clean.txt
https://hashcat.net/misc/postgres-pth/postgresql_diff_minimal.txt
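
To find out which pg_hba.conf records still rely on the two methods discussed above ("md5" and "password"), the following added example, which is not part of the original paper or of PostgreSQL, parses the file field by field instead of searching for the string. The sample configuration is constructed, and backslash line continuations and include directives are assumed not to be in use.

```python
import ipaddress
import shlex

# Methods the text above calls out as weak.
WEAK_METHODS = {
    "md5": "pass-the-hash weakness in the protocol design",
    "password": "password sent in clear text",
}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample pg_hba.conf content, for illustration only.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS            METHOD
local   all       postgres                     peer
local   all       all                          md5
host    all       all       127.0.0.1/32       md5
host    all       all       10.0.0.0 255.0.0.0 password
hostssl "app db"  app       ::1/128            cert clientcert=verify-full
host    all       md5       192.168.1.0/24     reject
"""

def method_index(fields):
    """Position of the METHOD field, or None for lines that are not records."""
    if fields[0] == "local":
        return 3                          # local records have no address field
    if fields[0] not in HOST_TYPES or len(fields) < 5:
        return None
    try:
        ipaddress.ip_address(fields[3])   # bare IP: a separate netmask field follows
        return 5
    except ValueError:
        return 4                          # CIDR, host name, or keyword such as "all"

def audit(hba_text):
    """Return (line_number, method, reason) for every record using a weak method."""
    findings = []
    for lineno, line in enumerate(hba_text.splitlines(), start=1):
        try:
            fields = shlex.split(line, comments=True)  # handles "#" and quoted names
        except ValueError:
            continue                      # unbalanced quotes: skip the line
        idx = method_index(fields) if fields else None
        if idx is not None and idx < len(fields) and fields[idx] in WEAK_METHODS:
            findings.append((lineno, fields[idx], WEAK_METHODS[fields[idx]]))
    return findings

if __name__ == "__main__":
    for lineno, method, reason in audit(SAMPLE_HBA):
        print(f"line {lineno}: {method}: {reason}")
```

The last sample record has a role named md5 with method "reject" and is correctly not reported, which a plain text search for "md5" would get wrong.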