Critical severity 9.8 · NVD Advisory · Published Oct 30, 2017 · Updated May 13, 2026
CVE-2012-4449
Description
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.hadoop:hadoop-client (Maven) | < 0.23.4 | 0.23.4 |
| org.apache.hadoop:hadoop-client (Maven) | >= 1.0.0, < 1.0.4 | 1.0.4 |
| org.apache.hadoop:hadoop-client (Maven) | >= 2.0.0, < 2.0.2 | 2.0.2 |
Affected products
- cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* (range: <=0.23.3)
- cpe:2.3:a:apache:hadoop:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-q46v-cj5v-hvg6 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-4449 (ghsa: ADVISORY)
- www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html (nvd: Issue Tracking, Third Party Advisory, WEB)
- mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q@mail.gmail.com%3E (ghsa: WEB)
- mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q%40mail.gmail.com%3E (nvd)