CVE-2009-4269

2010-08-16T20:00:00
ID CVE-2009-4269
Type cve
Reporter cve@mitre.org
Modified 2011-01-26T06:41:00

Description

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. Per https://issues.apache.org/jira/browse/DERBY-4483, the reported affected version is 10.5.3.0. It could not be determined whether any versions between 10.5.3.0 and 10.6.1.0 are affected.