Endpoint Vulnerability

PostgreSQL: pgcrypto has multiple error messages for decryption with an incorrect key.

Description

It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known.

Affected Products

PostgreSQL

References

CVE-2015-3167,