CVE-2012-4449

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.16 % (53^th)

Affected Products 1

Advisories 1

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

Weaknesses

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2017-10-30 19:29:00
(6 years ago)
Updated Date: 2023-11-07 02:11:52
(10 months ago)

Affected Products

Apache

Hadoop

Configuration #1

	CPE23	Up To
Apache Hadoop 0.23.3 and prior versions	cpe:2.3:a:apache:hadoop	<= 0.23.3
Apache Hadoop 1.0.0	cpe:2.3:a:apache:hadoop:1.0.0
Apache Hadoop 1.0.1	cpe:2.3:a:apache:hadoop:1.0.1
Apache Hadoop 1.0.2	cpe:2.3:a:apache:hadoop:1.0.2
Apache Hadoop 1.0.3	cpe:2.3:a:apache:hadoop:1.0.3
Apache Hadoop 2.0.0 Alpha	cpe:2.3:a:apache:hadoop:2.0.0:alpha
Apache Hadoop 2.0.1 Alpha	cpe:2.3:a:apache:hadoop:2.0.1:alpha
Apache Hadoop 2.0.2 Alpha	cpe:2.3:a:apache:hadoop:2.0.2:alpha