CVE-2009-4269: Weak password hash generation

August 16, 2010 (updated January 26, 2011)

The password hash generation algorithm in this package performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

References

db.apache.org/derby/releases/release-10.6.1.0.html
marcellmajor.com/derbyhash.html
issues.apache.org/jira/browse/DERBY-4483
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4269

Code Behaviors & Features

Detect and mitigate CVE-2009-4269 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →