Required CVE Record Information
Description
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
References 11 Total
- marc.info: [apache-db-general] 20100519 [ANNOUNCE] Apache Derby 10.6.1.0 released mailing-list
- secunia.com: 42948 third-party-advisory
- https://issues.apache.org/jira/browse/DERBY-4483
- http://blogs.sun.com/kah/entry/derby_10_6_1_has
- vupen.com: ADV-2011-0149 vdb-entry
- secunia.com: 42970 third-party-advisory
- http://marcellmajor.com/derbyhash.html
- securitytracker.com: 1024977 vdb-entry
- http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269
- securityfocus.com: 42637 vdb-entry
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html