2 matches found
CVE-2020-1926
CVE-2020-1926 affects Apache Hive: cookie signature verification used a non-constant-time comparison, enabling timing attacks that could recover another user’s cookie signature. The issue is addressed in Apache Hive 2.3.8. Connected references describe the vulnerability as an information-disclosu...
CVE-2020-1926 Timing attack in Cookie signature verification
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8...