Brute Force Vulnerability in PostgreSQL Database Systems
CVE-2015-3167

7.5HIGH

Key Information:

Vendor: Postgresql Global Development Group
Status: Postgresql
Vendor: CVE Published:; 20 November 2019

🔔 Create Postgresql Global Development Group Vulnerability Alert

What is CVE-2015-3167?

The vulnerability in the contrib/pgcrypto component of PostgreSQL allows attackers to exploit inconsistent error messages returned when incorrect keys are used. This discrepancy enables potential attackers to ascertain valid keys more easily through brute force methods, compromising database security.

Affected Version(s)

PostgreSQL before 9.0.20

PostgreSQL 9.1.x before 9.1.16

PostgreSQL 9.2.x before 9.2.11

References

http://www.postgresql.org/about/news/1587/

x_refsource_MISC

http://www.postgresql.org/docs/9.0/static/release-9-0-20....

x_refsource_MISC

http://www.postgresql.org/docs/9.1/static/release-9-1-16....

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2019
Vulnerability Reserved
Apr 10, 2015

.

CVE-2015-3167 : Brute Force Vulnerability in PostgreSQL Database Systems