Collected from the PG bugs email list.
|Reported by||lokesh goyal|
Body of first available message related to this bug follows.
The following bug has been logged on the website: Bug reference: 16433 Logged by: lokesh goyal Email address: (redacted) PostgreSQL version: 9.5.0 Operating system: website Description: Information disclosure is a critical bug because it contains the information related to user name, mail_id , password or etc. And i got a log file which contain the administrator mail_id, username or password and also it contain a database details so it must be secure. Because it is very useful for attacker to takeover any other users database without authentication. Hope you check this log file. Vulnerable link: This is the vulnerable link which disclose install.log file which contain administrator details. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=2ahUKEwiz9bOPyrDpAhWMfn0KHQiECysQFjADegQIAxAB&url=https%3A%2F%2Fgroups.google.com%2Fgroup%2Fdataverse-community%2Fattach%2F5cbd71aaad706%2Finstall.log%3Fpart%3D0.2&usg=AOvVaw2zmOeHsbl07Gsvt2TXqDai
|2020-05-13 10:06:51+00||PG Bug reporting form||BUG #16433: Information disclosure via log file|
|2020-05-13 10:45:58+00||Magnus Hagander||Re: BUG #16433: Information disclosure via log file|