← back
CVE-2015-3167

CVE-2015-3167

EPSS 4.0%
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Affected products
PostgreSQL Global Development Group · PostgreSQL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ubuntu.com/usn/usn-2621-1http://www.debian.org/security/2015/dsa-3269http://www.debian.org/security/2015/dsa-3270http://www.postgresql.org/about/news/1587/http://www.postgresql.org/docs/9.0/static/release-9-0-20.htmlhttp://www.postgresql.org/docs/9.1/static/release-9-1-16.htmlhttp://www.postgresql.org/docs/9.2/static/release-9-2-11.htmlhttp://www.postgresql.org/docs/9.3/static/release-9-3-7.htmlhttp://www.postgresql.org/docs/9.4/static/release-9-4-2.html