Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs

David G. Johnston <david.g.johnston@gmail.com>

From: "David G. Johnston" <david.g.johnston@gmail.com>
To: "bkindrajeeth@gmail.com" <bkindrajeeth@gmail.com>, "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2025-02-18T14:37:30Z
Lists: pgsql-bugs
On Tuesday, February 18, 2025, PG Bug reporting form <noreply@postgresql.org>
wrote:

> The following bug has been logged on the website:
>
> Bug reference:      18817
> Logged by:          Indrajeet Deshmukh
> Email address:      bkindrajeeth@gmail.com
> PostgreSQL version: 15.0
> Operating system:   Linux
> Description:
>
> Namaste Team,
>
> During the integration of PostgreSQL Database v15 logs into a SIEM
> solution,I observed that user passwords are logged in plaintext when a user
> is created using the database command. This poses a serious security risk
> as
> credentials could be exposed to unauthorized users who have access to the
> logs.
>
> Vendor: PostgreSQL
> Product: PostgreSQL Database
> Version: 15
> Severity: High
> Issue Type: Security Vulnerability
>
> Steps to Reproduce:
> Open the PostgreSQL Database CLI or execute the command via a script.
> Run the following command to create a new user:
>
> CREATE USER indrajeet WITH PASSWORD 'indrajeet'


The long-standing position here is that the encrypted password being found
in the logs is not a security issue needing fixing.  It’s maybe a bit
unfortunate that we provide both secure and insecure methods for setting or
changing a password but we do.  Use the secure methods.  Which means
compute the encrypted password off-server and send that instead of the
clear text version.

David J.