CVE-2009-4269

Metadata

CVE-2009-4269
2.1
blogs.sun.com, db.apache.org, marc.info, marcellmajor.com, oracle.com, securityfocus.com, securitytracker.com, vupen.com, issues.apache.org
2010-08-16
2017-06-06 20:21

Description

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

Related Vulnerabilities

platform vulnerability
CVE-2009-4269