Hitesh Shah

**Name of the Vulnerable Software and Affected Versions** Apache Hadoop versions 2.6.x **Description** The issue allows local users to obtain sensitive information by reading a credentials file on disk. This occurs when the Intermediate data encryption feature is enabled, causing Apache Hadoop to store intermediate data generated by a MapReduce job along with the encryption key in the file. **Recommendations** For Apache Hadoop version 2.6.x, consider disabling the Intermediate data encryption feature until a proper fix is implemented to securely store encryption keys. Restrict access to the credentials file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.