The EDB Postgres Advanced Server password file must not be used.

An XCCDF Rule

Description

The EDB Postgres password file can contain passwords to be used if the connection allows a password (and no password has been specified otherwise). This file contains lines of the following format:

hostname:port:database:username:password

It is critically important to system security that use of a password file be avoided, as it stores passwords in plain text. Any user with access to these passwords could potentially compromise the security of the database.

Documentable
false

ID
SV-224173r879887_rule
Severity
Medium

Remediation - Manual Procedure

Remove any password files present on the server and implement a more secure form of authentication.

The DoD standard for authentication is DoD-approved PKI certificates.
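
To locate password files before removing them, the following added example (not part of the STIG text) scans home directories and the PGPASSFILE setting and counts entries in the hostname:port:database:username:password format without printing them. It assumes a Unix-like server and the standard libpq locations, ~/.pgpass and the PGPASSFILE environment variable; the function names are hypothetical.

```shell
#!/bin/sh
# Audit helper (added example): report password files without ever
# printing their contents.

# Count credential entries in one file: non-comment lines with five
# colon-separated fields (hostname:port:database:username:password).
# Backslash-escaped characters such as "\:" are dropped first so they
# are not mistaken for field separators.
count_entries() {
    awk '
        /^[[:space:]]*#/ { next }
        { line = $0; gsub(/\\./, "", line)
          if (split(line, f, ":") == 5) n++ }
        END { print n + 0 }
    ' "$1"
}

# Scan every home directory under $1 (for example /home) plus the file
# named by PGPASSFILE, if that variable is set (assumed libpq locations).
# Prints "FINDING <path> entries=<n>" for each password file and returns
# non-zero when at least one exists.
audit_pgpass() {
    base=$1
    findings=0
    for f in "$base"/*/.pgpass ${PGPASSFILE:+"$PGPASSFILE"}; do
        [ -f "$f" ] || continue
        echo "FINDING $f entries=$(count_entries "$f")"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}
```

Run `audit_pgpass /home` as a user that can read every home directory, and check the database service account's own home separately if it lives elsewhere.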