CVE-2012-4449

2017-10-30T19:29:00
ID CVE-2012-4449
Type cve
Reporter cve@mitre.org
Modified 2017-11-21T15:53:00

Description

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.