3 matches found
Apache Impala 2.8.0 Authentication Bypass Vulnerability
Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server respond...
CVE-2017-5640
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...
CVE-2017-5640
CVE-2017-5640 affects Apache Impala (incubating) versions 2.7.0–2.8.0. A malicious process impersonating an Impala daemon can cause the server to skip authentication checks when Kerberos is enabled but TLS is not, by replying with COMPLETE before the SASL handshake finishes, making the client tre...