id: unauth-psql info: name: PostgreSQL - Unauthenticated Access author: pussycat0x severity: high description: | Unauthenticated PostgreSQL Detected. reference: - https://www.postgresql.org/docs/9.6/auth-methods.html metadata: verified: "true" max-request: 1 shodan-query: port:5432 product:"PostgreSQL" tags: network,postgresql,db,unauth,misconfig,tcp tcp: - inputs: - data: "00000054000300007573657200706f73746772657300646174616261736500706f737467726573006170706c69636174696f6e5f6e616d65007073716c00636c69656e745f656e636f64696e6700555446380000" # default database postgres type: hex read: 1024 - data: "510000018e53454c45435420642e6461746e616d6520617320224e616d65222c0a2020202020202070675f636174616c6f672e70675f6765745f757365726279696428642e6461746462612920617320224f776e6572222c0a2020202020202070675f636174616c6f672e70675f656e636f64696e675f746f5f6368617228642e656e636f64696e67292061732022456e636f64696e67222c0a20202020202020642e646174636f6c6c6174652061732022436f6c6c617465222c0a20202020202020642e646174637479706520617320224374797065222c0a202020202020204e554c4c2061732022494355204c6f63616c65222c0a20202020202020276c6962632720415320224c6f63616c652050726f7669646572222c0a2020202020202070675f636174616c6f672e61727261795f746f5f737472696e6728642e64617461636c2c2045275c6e272920415320224163636573732070726976696c65676573220a46524f4d2070675f636174616c6f672e70675f646174616261736520640a4f5244455220425920313b00" type: hex read: 1024 host: - "{{Hostname}}" port: 5432 matchers-condition: and matchers: - type: word part: raw words: - "Access privileges" - "Locale Provider" - "Owner" condition: and - type: word part: raw words: - "FTP" - "HTTP" - "500" condition: or negative: true # digest: 4a0a0047304502205a09aaa0ccca5cd1d053a7d5ce341cf83fe5e938d0a37af05444f74062bebbb3022100b3d397bd0e01ae20dd823894c5e7541fe8c7c975fd5c63c2e81d8c108de11146:922c64590222798bb761d5b6d8e72950