This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote database server is running software known to be
susceptible to brute-forcing of passwords.
According to its self-reported version number, the installation of
Apache Derby running on the remote server performs a transformation on
passwords that removes half the bits from most of the characters
before hashing. This leads to a large number of hash collisions,
letting passwords be easily brute-forced. This vulnerability only
affects the BUILTIN authentication method.
Note that Nessus has not tested for the issue but has instead relied
only on the application's self-reported version number.
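The mechanism behind the collisions, as an added illustration that is not part of this plugin output and not Apache Derby's code: a hypothetical pre-hash step that keeps only the low 4 bits of each character stands in for the lossy transformation the description refers to, and the script counts how many distinct digests survive compared with hashing the full password bytes. The transform, the alphabet and the password length are constructed assumptions for the demonstration.

```python
import hashlib
import itertools
import string

# Constructed stand-in for the weakness class the advisory describes: a
# transform that discards half of each character's bits before hashing.
# Hypothetical code for illustration only; it is not Apache Derby's
# implementation and does not reproduce its exact transformation.


def lossy_transform(password: str) -> bytes:
    """Keep only the low 4 bits of each character (hypothetical lossy step)."""
    return bytes(ord(c) & 0x0F for c in password)


def lossy_hash(password: str) -> str:
    """SHA-1 over the lossy transform: many passwords share one digest."""
    return hashlib.sha1(lossy_transform(password)).hexdigest()


def sound_hash(password: str) -> str:
    """SHA-1 over the full UTF-8 bytes: no bits are discarded before hashing.
    (A production password store should use a salted, slow KDF on top.)"""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def collision_classes(alphabet: str, length: int, hash_fn) -> dict:
    """Group every password of `length` over `alphabet` by its digest."""
    classes: dict = {}
    for combo in itertools.product(alphabet, repeat=length):
        pw = "".join(combo)
        classes.setdefault(hash_fn(pw), []).append(pw)
    return classes


def effective_keyspace(alphabet: str, length: int, hash_fn) -> int:
    """Number of distinct digests, i.e. the search space a guesser faces."""
    return len(collision_classes(alphabet, length, hash_fn))


def verify(stored_digest: str, candidate: str, hash_fn) -> bool:
    """Login check as a server performs it against the stored digest."""
    return hash_fn(candidate) == stored_digest


ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (constructed)
LENGTH = 3                                         # constructed for speed

if __name__ == "__main__":
    full = effective_keyspace(ALPHABET, LENGTH, sound_hash)
    lossy = effective_keyspace(ALPHABET, LENGTH, lossy_hash)
    print(f"distinct digests, full bytes : {full}")   # 36**3 = 46656
    print(f"distinct digests, lossy step : {lossy}")  # 16**3 = 4096
    # Two unrelated passwords the lossy scheme cannot tell apart:
    print(verify(lossy_hash("pa1"), "0q1", lossy_hash))  # True
    print(verify(sound_hash("pa1"), "0q1", sound_hash))  # False
```

With 36 symbols and three positions, the sound scheme yields one digest per password, while the lossy one collapses the space to 16 values per position, so the stored digest accepts every password in the same class. That collapse is what the description means by hash collisions making passwords easy to brute-force, and why the fix is to hash the complete password bytes rather than a reduced form.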
Solution :
Upgrade to Apache Derby 10.6.1.0 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true