The RPC protocol implementation in Apache Hadoop 2.x prior to 2.0.6-alpha, 0.23.x prior to 0.23.9, and 1.x prior to 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle malicious users to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache hadoop 0.23.3 |
||
apache hadoop 0.23.4 |
||
apache hadoop 1.1.2 |
||
apache hadoop 1.2.0 |
||
apache hadoop 2.0.0 |
||
apache hadoop 2.0.2 |
||
apache hadoop 2.0.3 |
||
apache hadoop 0.23.7 |
||
apache hadoop 0.23.8 |
||
apache hadoop 1.0.4 |
||
apache hadoop 1.0.0 |
||
apache hadoop 1.0.1 |
||
apache hadoop 2.0.4 |
||
apache hadoop 2.0.5 |
||
apache hadoop 1.1.0 |
||
apache hadoop 1.1.1 |
||
apache hadoop 1.0.2 |
||
apache hadoop 1.0.3 |
||
apache hadoop 2.0.1 |
||
apache hadoop 0.23.5 |
||
apache hadoop 0.23.6 |
||
apache hadoop 0.23.0 |
||
apache hadoop 0.23.1 |