Land rapid7#4883, Postgres PTH reference

wvu · wvu · commit 3e81bf073c0c · 2015-03-05T15:05:27.000-06:00
diff --git a/modules/auxiliary/scanner/postgres/postgres_login.rb b/modules/auxiliary/scanner/postgres/postgres_login.rb
@@ -21,14 +21,16 @@ def initialize(info = {})
       'Description'    => %q{
         This module attempts to authenticate against a PostgreSQL
         instance using username and password combinations indicated
-        by the USER_FILE, PASS_FILE, and USERPASS_FILE options.
+        by the USER_FILE, PASS_FILE, and USERPASS_FILE options. Note that
+        passwords may be either plaintext or MD5 formatted hashes.
       },
       'Author'         => [ 'todb' ],
       'License'        => MSF_LICENSE,
       'References'     =>
         [
           [ 'URL', 'http://www.postgresql.org' ],
-          [ 'CVE', '1999-0502'] # Weak password
+          [ 'CVE', '1999-0502'], # Weak password
+          [ 'URL', 'https://hashcat.net/forum/archive/index.php?thread-4148.html' ] # Pass the Hash
         ]
     ))
 
