CVE-2015-1776

Name of the Vulnerable Software and Affected Versions Apache Hadoop versions 2.6.x

Description The issue allows local users to obtain sensitive information by reading a credentials file on disk. This occurs when the Intermediate data encryption feature is enabled, causing Apache Hadoop to store intermediate data generated by a MapReduce job along with the encryption key in the file.

Recommendations For Apache Hadoop version 2.6.x, consider disabling the Intermediate data encryption feature until a proper fix is implemented to securely store encryption keys. Restrict access to the credentials file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.