Apache Hadoop prior to 0.23.4, 1.x prior to 1.0.4, and 2.x prior to 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent malicious users to crack secret keys via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache hadoop 1.0.3 |
||
apache hadoop 1.0.0 |
||
apache hadoop 2.0.0 |
||
apache hadoop 1.0.2 |
||
apache hadoop 1.0.1 |
||
apache hadoop 2.0.2 |
||
apache hadoop 2.0.1 |
||
apache hadoop |