Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Hadoop RPC Authentication 安全绕过漏洞
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)软件基金会的一套开源的分布式系统基础架构,它能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop 2.0.6-alpha之前的2.x版本中,0.23.9之前的0.23.x版本中,以及1.2.1之前的1.x版本中的RPC协议实现中存在漏洞。启用Kerberos安全功能的条件下,中间人攻击者可通过对简单认证进行强制降级,从而利用该漏洞禁用双向认证并且获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A