PT-2012-1195 · Apache · Apache Hadoop

Daryn Sharp · Published 2012-10-12 · Updated 2022-05-17 · CVE-2012-4449

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Hadoop versions prior to 0.23.4
Apache Hadoop 1.x versions prior to 1.0.4
Apache Hadoop 2.x versions prior to 2.0.2

Description

The issue is related to errors in the implementation of cryptographic algorithms for generating temporary identifiers when Kerberos security features are enabled. This makes it easier for attackers to crack secret keys via a brute-force attack. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Apache Hadoop versions prior to 0.23.4, update to version 0.23.4 or later.
For Apache Hadoop 1.x versions prior to 1.0.4, update to version 1.0.4 or later.
For Apache Hadoop 2.x versions prior to 2.0.2, update to version 2.0.2 or later.

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

BDU:2018-00143
CVE-2012-4449
GHSA-Q46V-CJ5V-HVG6

Affected Products

Apache Hadoop