PT-2010-1340 · Apache · Apache Derby

Marcell Major · Published 2010-08-16 · Updated 2022-05-02 · CVE-2009-4269

CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Derby versions prior to 10.6.1.0

Description: The issue concerns the password hash generation algorithm in the BUILTIN authentication functionality. Before hashing, it applies a transformation that reduces the size of the set of possible inputs to SHA-1, leaving only a small search space. This makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, that is, by substituting a different password that produces the same hash.

Recommendations: For versions prior to 10.6.1.0, update to version 10.6.1.0 or later to resolve the issue.

Fix


Weakness Enumeration

Related Identifiers

CVE-2009-4269
GHSA-FH32-35W2-RXCC

Affected Products

Apache Derby