Endpoint Vulnerability

PostgreSQL: Interactive installer downloads software over plain HTTP, then executes it

Description

It was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

Affected Products

PostgreSQL

References

CVE-2016-7048