Apache · Apache Derby · CVE-2009-4269
**Name of the Vulnerable Software and Affected Versions**
Apache Derby versions prior to 10.6.1.0
**Description**
The issue concerns the password hash generation algorithm in the BUILTIN authentication functionality. Before hashing, it applies a transformation to the password that reduces the size of the set of inputs reaching SHA-1, so the resulting search space is small and many distinct passwords map to the same hash. This makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, that is, by substituting a different password that hashes to the same value as the real one.
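To make the mechanism concrete, the following added example (not Derby's code, and not a description of its actual BUILTIN transform) uses a hypothetical lossy transform that keeps only the low four bits of each character before SHA-1; any transform that discards bits before hashing shrinks the input set the same way. The alphabet, passwords and salt are constructed for the demonstration, and the `strong_hash` shape is illustrative rather than a claim about the algorithm shipped in 10.6.1.0.

```python
import hashlib
from itertools import product
from typing import Optional

# Hypothetical lossy pre-hash transform, used here only to illustrate the
# class of bug; it is NOT Derby's actual BUILTIN code. Keeping only the low
# four bits of each character discards information before SHA-1 ever runs.
def lossy_transform(password: str) -> bytes:
    return bytes(ord(c) & 0x0F for c in password)

def weak_hash(password: str) -> str:
    """SHA-1 over the reduced input: distinct passwords can share a digest."""
    return hashlib.sha1(lossy_transform(password)).hexdigest()

def search_space(password_len: int, alphabet_size: int) -> tuple:
    """Nominal number of inputs versus the number that survive the transform."""
    nominal = alphabet_size ** password_len
    reduced = min(nominal, 16 ** password_len)  # only 4 bits per character survive
    return nominal, reduced

def find_substitute(password: str, alphabet: str) -> Optional[str]:
    """Defender-side check: find a different same-length password whose weak
    hash equals the real one, i.e. a substitute that the scheme cannot tell apart."""
    target = weak_hash(password)
    for candidate in product(alphabet, repeat=len(password)):
        cand = "".join(candidate)
        if cand != password and weak_hash(cand) == target:
            return cand
    return None

def strong_hash(password: str, salt: bytes) -> str:
    """Corrected shape of the scheme: hash the full UTF-8 encoding together with
    a per-user salt, discarding nothing, so the substitutes found above no longer
    collide. (Illustrative only; not a claim about Derby's fixed algorithm.)"""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    lowercase = "abcdefghijklmnopqrstuvwxyz"
    print(search_space(8, len(lowercase)))  # (208827064576, 4294967296)
    print(find_substitute("ab", lowercase))  # ar  ('b' and 'r' share a low nibble)
    salt = b"constructed-salt"
    print(strong_hash("ab", salt) == strong_hash("ar", salt))  # False
```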
**Recommendations**
For versions prior to 10.6.1.0, update to version 10.6.1.0 or later to resolve the issue.