Brute Force Vulnerability in PostgreSQL Database Systems
CVE-2015-3167
7.5 HIGH
Key Information:
- CVE Published: 20 November 2019
What is CVE-2015-3167?
The contrib/pgcrypto component of PostgreSQL returns inconsistent error messages when an incorrect key is used. This discrepancy makes it easier for attackers to determine valid keys through brute force, compromising database security.
Affected Version(s)
PostgreSQL before 9.0.20
PostgreSQL 9.1.x before 9.1.16
PostgreSQL 9.2.x before 9.2.11