[
https://issues.apache.org/jira/browse/DERBY-4468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen resolved DERBY-4468.
---------------------------------------
Fix Version/s: 10.6.1.0
Resolution: Fixed
The vulnerable mechanism was deprecated in Derby 10.6 (a new mechanism was
implemented in DERBY-4483 and replaced the vulnerable one as the default), so
I'm marking this issue as fixed. Thanks for reporting the issue, Marcell!
See DERBY-4483 and Marcell's writeup describing the problem at
http://marcellmajor.com/derbyhash.html for details.
> Security weaknesses
> -------------------
>
> Key: DERBY-4468
> URL: https://issues.apache.org/jira/browse/DERBY-4468
> Project: Derby
> Issue Type: Bug
> Environment: All platform.
> Reporter: Marcell Major
> Fix For: 10.6.1.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> There are security weaknesses in Derby password handling. I want to share the
> details with Derby developers but I cannot find the suitable confidential
> forum/mail address for that. Please give me an email address to send it to
> the correct mailbox...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
