Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Remediation

References

CVE-2015-3167

Related Vulnerabilities

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.25)

WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29519)

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation (3.2.1)

Severity

High

Classification

CVE-2015-3167 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities