CVE-2013-2192Improper Authentication in Apache Hadoop

CWE-287Improper Authentication6 documents6 sources
Severity
3.2LOWNVD
EPSS
0.1%
top 68.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Hadoop
Timeline
PublishedJan 24
Latest updateMay 17

Description

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

CVSS vector

AV:A/AC:H/C:P/I:P/A:NExploitability: 3.2 | Impact: 4.9

Affected Packages1 packages

NVDapache/hadoop23 versions+22

🔴Vulnerability Details

3
OSV
Improper Authentication in Apache Hadoop2022-05-17
GHSA
Improper Authentication in Apache Hadoop2022-05-17
CVEList
CVE-2013-2192: The RPC protocol implementation in Apache Hadoop 22014-01-24

📋Vendor Advisories

1
Red Hat
hadoop: man-in-the-middle vulnerability2013-08-23

💬Community

1
Bugzilla
CVE-2013-2192 hadoop: man-in-the-middle vulnerability2013-08-26
CVE-2013-2192 — Improper Authentication in Apache | cvebase