CVE-2012-4449

Publication date

2017-10-30 19:00:00

Family

redhat

State

PUBLISHED

Description

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.