It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-09-16T22:50:44.601Z
Reserved: 2017-01-29T00:00:00
Link: CVE-2017-5640

No data.

Status : Modified
Published: 2017-07-10T20:29:00.237
Modified: 2024-11-21T03:28:04.580
Link: CVE-2017-5640

No data.