CVE-2012-4449

{"id": "CVE-2012-4449", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-30T19:29:00.200", "references": [{"url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q%40mail.gmail.com%3E", "source": "secalert@redhat.com"}, {"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack."}, {"lang": "es", "value": "Apache Hadoop en versiones anteriores a la 0.23.4, las versiones 1.x anteriores a la 1.0.4 y las versiones 2.x anteriores a la 2.0.2 genera contrase\u00f1as token empleando un secreto de 20 bits cuando las caracter\u00edsticas de seguridad de Kerberos est\u00e1n habilitadas. Esto permite que atacantes dependientes del contexto descubran las claves secretas mediante un ataque de fuerza bruta."}], "lastModified": "2023-11-07T02:11:52.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FE6038C-E381-4DAC-8ACC-AF872B0AC539", "versionEndIncluding": "0.23.3"}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCC82E5C-775B-4BB0-AE38-6CF546CD6A4F"}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA4A72DC-B207-4013-ADED-BDEEE3940486"}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D85AFEF0-A4A8-435A-8774-C838A511B1A6"}, {"criteria": "cpe:2.3:a:apache:hadoop:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "070C91FA-BB2B-4005-83CC-9463A875AE9F"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259"}, {"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}