Security Advisory

CVE-2017-5640

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-10 20:00:00

Last updated 2024-09-16 22:50:44

Assigner apache

State PUBLISHED

Description

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with COMPLETE before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.

← Browse all CVEs View on cve.org ↗