Auth bypass in Apache HBase

CVE-2013-2193

Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.

Vulnerability class: Broken Authentication

EPSS: 0.007 (48.4th percentile)

Affected products

  • Apache HBase — versions 0.92.0, 0.92.1, 0.92.2
