Hadoop-common is vulnerable to brute-force attacks due to insecure token passwords. When Kerberos security features are enabled, token passwords are generated using only a 20-bit secret. Leveraging this flaw, an attacker can easily crack secret keys using a brute-force attack.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache hadoop common | le | 0.23.3 |
| | apache hadoop common | le | 2.0.2-alpha |