debian · CVE-2009-4269

Quick triage

Priority: unimportant Published: Updated: Sat, 04 Jul 2026 05:30:09 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2009-4269 unimportant priority: Debian including 1 source packages (derby), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.

cvelogic Threat Intelligence