Cleartext Exposure in Apache Derby by Apache Software Foundation
CVE-2005-4849
Currently unrated
Summary
Apache Derby prior to version 10.1.2.1 exposes sensitive user credentials in cleartext in two places: the RDBNAM parameter of the ACCSEC command and the output of the DatabaseMetaData.getURL function. Attackers can obtain the credentials through either one, potentially leading to unauthorized access to sensitive data.