Connection settings - 'pg_hba.conf no host entries using 'password' method'

Information

A host (TCP/IP) connection entry with the method defined as 'password' allows an unencrypted password for authentication. Where possible
encrypted passwords should be used.
OWASP Backend Security Project PostgreSQL Hardening - https://www.owasp.org/index.php/OWASP_Backend_Security_Project_PostgreSQL_Hardening
NOTE: update POSTGRESQL_VERSION with the appropriate value for the local environment.

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CSCv6|16.13, CSCv6|16.14

Plugin: Windows

Control ID: a5eed3ed2de4549c07e5358643e62eb931b42834972d99fc2d8b80412739dcb9