CVE-2009-4269

N/A Unknown
Published: August 16, 2010 Modified: April 29, 2026
View on NVD

Description

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.sun.com/kah/entry/derby_10_6_1_has
Source: secalert@redhat.com
http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269
Source: secalert@redhat.com
http://marc.info/?l=apache-db-general&m=127428514905504&w=1
Source: secalert@redhat.com
http://marcellmajor.com/derbyhash.html
Source: secalert@redhat.com
http://secunia.com/advisories/42948
Source: secalert@redhat.com
http://secunia.com/advisories/42970
Source: secalert@redhat.com
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Source: secalert@redhat.com
http://www.securityfocus.com/bid/42637
Source: secalert@redhat.com
http://www.securitytracker.com/id?1024977
Source: secalert@redhat.com
http://www.vupen.com/english/advisories/2011/0149
Source: secalert@redhat.com
https://issues.apache.org/jira/browse/DERBY-4483
Source: secalert@redhat.com
Vendor Advisory
http://blogs.sun.com/kah/entry/derby_10_6_1_has
Source: af854a3a-2127-422b-91ae-364da2661108
http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=apache-db-general&m=127428514905504&w=1
Source: af854a3a-2127-422b-91ae-364da2661108
http://marcellmajor.com/derbyhash.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/42948
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/42970
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/42637
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1024977
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0149
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.apache.org/jira/browse/DERBY-4483
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

22 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.5%
71th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

apache

Related CVEs

CVE-2026-8662 3.3
CVE-2026-8658 6.0
CVE-2026-8666 7.7
CVE-2026-8665 7.7
CVE-2026-8664 6.0