QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4449

Published: Oct 30, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0

x_refsource_CONFIRM

[hadoop-general] 20121012 [ANNOUNCE] Hadoop-1.0.4 release, with Security fix

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.