QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2192

Published: Jan 24, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

20130823 CVE-2013-2192: Apache Hadoop Man in the Middle Vulnerability

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.