Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Remediation

References

CVE-2015-3167

Related Vulnerabilities

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-15596)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.8.3)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Multiple Vulnerabilities (2.1.1)

WordPress Plugin Quizlord Cross-Site Scripting (2.0)

WebLogic CVE-2018-3249 Vulnerability (CVE-2018-3249)

Severity

High

Classification

CVE-2015-3167 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities