db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (DERBY-4468) Security weaknesses
Date Tue, 08 Jun 2010 13:55:10 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Knut Anders Hatlen resolved DERBY-4468.
---------------------------------------

    Fix Version/s: 10.6.1.0
       Resolution: Fixed

The vulnerable mechanism was deprecated in Derby 10.6 (a new mechanism was implemented in
DERBY-4483 and replaced the vulnerable one as the default), so I'm marking this issue as fixed.
Thanks for reporting the issue, Marcell!

See DERBY-4483 and Marcell's writeup describing the problem at http://marcellmajor.com/derbyhash.html
for details.

> Security weaknesses
> -------------------
>
>                 Key: DERBY-4468
>                 URL: https://issues.apache.org/jira/browse/DERBY-4468
>             Project: Derby
>          Issue Type: Bug
>         Environment: All platform.
>            Reporter: Marcell Major
>             Fix For: 10.6.1.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> There are security weaknesses in Derby password handling. I want to share the details
with Derby developers but I cannot find the suitable confidential forum/mail address for that.
Please give me an email address to send it to the correct mailbox...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message