Inconsistent Error Responses in contrib/pgcrypto in PostgreSQL

Inconsistent Error Responses in contrib/pgcrypto in PostgreSQL

CVE-2015-3167 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.