
Bug

Updating the Database Admin User's password with some combinations which include the special character '+' succeeds but breaks the relational data store

ArcGIS GIS Server
Bug ID Number: BUG-000168218
Submitted: June 10, 2024
Last Modified: January 26, 2025
Applies to: ArcGIS GIS Server
Version Found: 10.9.1
Operating System: Windows Server
Operating System Version: 2022
Status: In Review

Workaround

The problematic Database Admin User password can be updated to a working password by temporarily using PostgreSQL trust authentication (see PostgreSQL: Documentation: 16: 21.4. Trust Authentication):

  1. On the ArcGIS Data Store machine, navigate to the Data Store's pg_hba.conf file (e.g. C:\arcgisdatastore\pgdata\pg_hba.conf).
  2. Take a backup of pg_hba.conf (e.g. create a copy of this file and rename it with a .bak extension: pg_hba.conf.bak).
  3. Edit the pg_hba.conf file to add the following line/value at the uppermost position:
    1. hostssl   all   all   127.0.0.1/32   trust
      1. This entry specifically allows for local connections to be made to postgres using whichever database username is specified. In other words, this entry will allow connection to postgres as the Database Admin User while ignoring (and thus overcoming) the problematic password. For more information, see PostgreSQL: Documentation: 16: 21.4. Trust Authentication.
  4. Save the pg_hba.conf file.
  5. Using the ArcGIS Data Store command utilities (see ArcGIS Data Store command utility reference—Portal for ArcGIS | Documentation for ArcGIS Enterprise), execute listadminusers. This will now succeed, and the Database Admin User username and password will be displayed. Note the Database Admin User username (e.g. adm_2ztay).
  6. Using the ArcGIS Data Store command utilities (see ArcGIS Data Store command utility reference—Portal for ArcGIS | Documentation for ArcGIS Enterprise), execute changepassword for the Database Admin User, specifying a password that we do not expect to be problematic (e.g. potato). Once completed, execute listadminusers to verify that the password has been changed successfully.
  7. Revert the Data Store pg_hba.conf file to its original state, or restore it from the backup copy.
    1. Note, this step is important to ensure the Data Store remains secure.

The Database Admin User should now be able to execute normal commands and functionality should be restored.
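A check for step 7, as an added example that is not part of the original article or Esri's tooling: this Python sketch parses pg_hba.conf text, lists any remaining trust rules, and shows why the uppermost position matters, since PostgreSQL applies only the first matching rule. The sample file contents, including the scram-sha-256 rule, are constructed assumptions and not the Data Store's actual configuration.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_hba(text):
    """Parse pg_hba.conf text into rule dicts, in file order."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # drop comments (quoted '#' not handled)
        if f and f[0] == "local" and len(f) >= 4:
            addr, method = None, f[3]
        elif f and f[0] in HOST_TYPES and len(f) >= 5:
            addr, method = f[3], f[4]
            # Older style: IP address and netmask in two separate columns.
            if "/" not in addr and len(f) >= 6 and ("." in f[4] or ":" in f[4]):
                addr, method = f"{addr}/{f[4]}", f[5]
        else:
            continue
        rules.append({"line": line_no, "type": f[0], "db": f[1],
                      "user": f[2], "addr": addr, "method": method})
    return rules

def trust_rules(text):
    """Rules that admit a client without any password check."""
    return [r for r in parse_hba(text) if r["method"] == "trust"]

def first_match(text, client_ip, ssl=True):
    """First rule matching a non-GSS TCP connection; only that rule is applied.
    Simplification: matches db/user 'all' and IP/CIDR or 'all' addresses only."""
    types = {"host", "hostnogssenc", "hostssl" if ssl else "hostnossl"}
    ip = ipaddress.ip_address(client_ip)
    for r in parse_hba(text):
        if r["type"] not in types or r["db"] != "all" or r["user"] != "all":
            continue
        try:
            if r["addr"] == "all" or ip in ipaddress.ip_network(r["addr"], strict=False):
                return r
        except ValueError:  # hostname, samehost, samenet: not evaluated here
            continue
    return None

# Constructed sample: the workaround's line above an assumed password rule.
DURING = """\
# TYPE    DATABASE  USER  ADDRESS        METHOD
hostssl   all   all   127.0.0.1/32   trust
hostssl   all   all   0.0.0.0/0      scram-sha-256
"""
AFTER = "\n".join(l for l in DURING.splitlines() if not l.endswith("trust"))

if __name__ == "__main__":
    print(trust_rules(DURING), first_match(AFTER, "127.0.0.1"))
```

To audit the live file after step 7, pass its contents to trust_rules and expect an empty list.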

Steps to Reproduce
