← voltar
CVE-2015-3167

CVE-2015-3167

EPSS 4.0%
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
Produtos afetados
PostgreSQL Global Development Group · PostgreSQL

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://ubuntu.com/usn/usn-2621-1http://www.debian.org/security/2015/dsa-3269http://www.debian.org/security/2015/dsa-3270http://www.postgresql.org/about/news/1587/http://www.postgresql.org/docs/9.0/static/release-9-0-20.htmlhttp://www.postgresql.org/docs/9.1/static/release-9-1-16.htmlhttp://www.postgresql.org/docs/9.2/static/release-9-2-11.htmlhttp://www.postgresql.org/docs/9.3/static/release-9-3-7.htmlhttp://www.postgresql.org/docs/9.4/static/release-9-4-2.html