#VU42109 Improper Authentication in Hadoop - CVE-2013-2192

Cybersecurity Help s.r.o.

Published: 2014-01-24 | Updated: 2020-08-10

Vulnerability identifier: #VU42109

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-2192

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Hadoop
Server applications / Frameworks for developing and running applications

Vendor: Apache Foundation

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Hadoop: 0.23.0 - 2.0.5

External links
https://rhn.redhat.com/errata/RHSA-2014-0037.html
https://rhn.redhat.com/errata/RHSA-2014-0400.html
https://seclists.org/fulldisclosure/2013/Aug/251
https://secunia.com/advisories/57915
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in Hadoop