This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote database server is running software known to be
susceptible to brute-forcing of passwords.
According to its self-reported version number, the installation of
Apache Derby running on the remote server performs a transformation on
passwords that removes half the bits from most of the characters
before hashing. This leads to a large number of hash collisions,
letting passwords be easily brute-forced. This vulnerability only
affects the BUILTIN authentication method.
Note that Nessus has not tested for the issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to Apache Derby 10.6.1.0 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true
Nessus Plugin ID: 52536 ()
Bugtraq ID: 42637
CVE ID: CVE-2009-4269
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.