← volver
CVE-2015-3167

CVE-2015-3167

EPSS 4.0%
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Productos afectados
PostgreSQL Global Development Group · PostgreSQL

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://ubuntu.com/usn/usn-2621-1http://www.debian.org/security/2015/dsa-3269http://www.debian.org/security/2015/dsa-3270http://www.postgresql.org/about/news/1587/http://www.postgresql.org/docs/9.0/static/release-9-0-20.htmlhttp://www.postgresql.org/docs/9.1/static/release-9-1-16.htmlhttp://www.postgresql.org/docs/9.2/static/release-9-2-11.htmlhttp://www.postgresql.org/docs/9.3/static/release-9-3-7.htmlhttp://www.postgresql.org/docs/9.4/static/release-9-4-2.html