
CVE-2009-4269
Date: (C)2010-08-16   (M)2023-12-22


The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1024977
BID-42637
SECUNIA-42948
SECUNIA-42970
ADV-2011-0149
http://marc.info/?l=apache-db-general&m=127428514905504&w=1
http://blogs.sun.com/kah/entry/derby_10_6_1_has
http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269
http://marcellmajor.com/derbyhash.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
https://issues.apache.org/jira/browse/DERBY-4483

CPE    1
cpe:/a:apache:derby
CWE    1
CWE-310

© SecPod Technologies