CVE-2009-4269
Use of Password Hash With Insufficient Computational Effort in Apache Derby
EPSS 0.78%
Description
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
How to fix CVE-2009-4269
To remediate CVE-2009-4269, upgrade the affected package to a fixed version below.
- Maven/org.apache.derby:derby—upgrade to 10.6.1.0 or later
Is CVE-2009-4269 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 10.6.1.0