contrib/pgcrypto in PostgreSQL prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, and 9.4.x prior to 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for malicious users to obtain the key via a brute force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
postgresql postgresql |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 15.04 |