[Medium Risk] Flaw in Apache Accumulo Authentication Process

Vulnerability description

Apache Accumulo is a sorted, distributed key-value store.

In Apache Accumulo 2.1.0, AccumuloClient no longer authenticates automatically when a new instance is constructed, and authentication is always performed in the shell. When the shell has been idle for too long and the user has to re-authenticate, any input the user enters passes the authentication, because the identity credentials are stored in the client's configuration file.

Vulnerability name: Flaw in the Apache Accumulo authentication process
Vulnerability type: Improper authentication
Discovery time: 2023/6/21
Vulnerability breadth: General
MPS number: MPS-5l0p-exd9
CVE number: CVE-2023-34340
CNVD number: -


Affected scope

org.apache.accumulo:accumulo-core@[2.1.0, 2.1.1)

Repair plan

Upgrade component org.apache.accumulo:accumulo-core to version 2.1.1 or higher
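
To check a build against the affected range above, the following added example (not part of the original advisory or of the Accumulo project) evaluates the range notation over `mvn dependency:list` output. The function names and the sample lines are constructed for illustration; it assumes the plugin's usual `group:artifact:type:version:scope` line format.

```python
import re

# Coordinate and affected range as stated in the advisory above.
COORD = "org.apache.accumulo:accumulo-core"
AFFECTED = "[2.1.0, 2.1.1)"

def version_key(version):
    """Sort key for dotted versions; a qualifier (-SNAPSHOT, -rc1) sorts before the release."""
    base, _, qualifier = version.partition("-")
    nums = [int(p) for p in base.split(".")]
    nums += [0] * (4 - len(nums))  # pad so that 2.1 compares equal to 2.1.0
    return tuple(nums) + (0 if qualifier else 1,)

def in_range(version, spec):
    """True if version lies inside a range written as [low, high), (low, high] and so on."""
    m = re.fullmatch(r"\s*([\[(])\s*([^,\s]*)\s*,\s*([^,\s]*)\s*([\])])\s*", spec)
    if not m:
        raise ValueError(f"not a version range: {spec!r}")
    open_b, low, high, close_b = m.groups()
    key = version_key(version)
    lo_ok = not low or version_key(low) < key or (open_b == "[" and version_key(low) == key)
    hi_ok = not high or key < version_key(high) or (close_b == "]" and version_key(high) == key)
    return lo_ok and hi_ok

def find_affected(dependency_lines):
    """Return the versions of COORD found in dependency:list output that fall in AFFECTED."""
    hits = []
    for line in dependency_lines:
        # group:artifact:type:version:scope, or with a classifier before the version
        parts = line.replace("[INFO]", "").strip().split(" ")[0].split(":")
        if len(parts) in (5, 6) and ":".join(parts[:2]) == COORD and in_range(parts[-2], AFFECTED):
            hits.append(parts[-2])
    return hits

# Constructed sample output, not taken from a real build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.accumulo:accumulo-core:jar:2.1.0:compile
[INFO]    org.apache.accumulo:accumulo-start:jar:2.1.0:compile
[INFO]    org.apache.zookeeper:zookeeper:jar:3.8.0:compile
[INFO]    org.apache.accumulo:accumulo-core:jar:2.1.1:compile
""".splitlines()

if __name__ == "__main__":
    for v in find_affected(SAMPLE):
        print(f"{COORD}:{v} is in {AFFECTED}; upgrade to 2.1.1 or higher")
```

Only accumulo-core is matched, because that is the only component the advisory names; transitive copies show up as long as the list is taken from the fully resolved dependency set.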

Reference links

https://www.oscs1024.com/hd/MPS-5l0p-exd9

https://nvd.nist.gov/vuln/detail/CVE-2023-34340

https://github.com/apache/accumulo/commit/0f2389735fd32e0bbc93ecde5d8c814b275b21b5

https://github.com/apache/accumulo/issues/3433

Origin blog.csdn.net/murphysec/article/details/131770032