Home > Vulnerability Database > CVE-2009-4269

Mend.io Vulnerability Database

CVE-2009-4269

Good to know:

Date: August 16, 2010

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

Language: Java

Severity Score

4.0

Related Resources (18)

Url: http://marc.info/?l=apache-db-general&m=127428514905504&w=1

Url: http://www.securitytracker.com/id?1024977

Url: http://secunia.com/advisories/42948

Url: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Url: https://github.com/apache/derby/commit/3b82686e32a8d4fa2027350279104f9b243b35d6

Url: http://www.securityfocus.com/bid/42637

Url: http://marcellmajor.com/derbyhash.html

Url: https://github.com/apache/derby/commit/8c305e2f3fad1c3a4f98c06c7f2b53e2bfdd308c

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-4269

Url: https://github.com/apache/derby/commit/23f97a597716ee5b08eff698b7177850ad8e1294

Url: https://github.com/apache/derby/commit/60edeb0cb29daf9d28ece1863db779c1af5a3f62

Url: http://www.vupen.com/english/advisories/2011/0149

Url: http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269

Url: https://issues.apache.org/jira/browse/DERBY-4483

Url: https://github.com/apache/derby/commit/178ca0cfb796b5a5788d25ded0978773ea254332

Url: http://secunia.com/advisories/42970

Url: http://blogs.sun.com/kah/entry/derby_10_6_1_has

Url: https://www.mend.io/vulnerability-database/CVE-2009-4269

Severity Score

4.0

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Use of Password Hash With Insufficient Computational Effort

CWE-916

Top Fix

Upgrade Version

Upgrade to version 10.6.1.0

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-4269

Good to know:

Date: August 16, 2010

Language: Java

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?