kafka-clients is vulnerable to user impersonation. The vulnerability is caused by missing authentication checks in the built-in PLAIN and SCRAM server implementations that kafka-clients ships for SASL/PLAIN and SASL/SCRAM authentication: a client that authenticates with one of these mechanisms can end up authorized as a different user than the one it authenticated as. Only brokers that rely on those built-in server implementations are affected; per the table below, the affected releases are the 0.10.x line up to and including 0.10.2.1 and the 0.11.0.x line up to and including 0.11.0.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache kafka | le | 0.11.0.1 |
| | apache kafka | le | 0.10.2.1 |
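To make concrete which server-side checks stand between a SASL/PLAIN login and impersonation, the following is an added illustration written for this page. It is not kafka-clients code, not the change in the commits referenced below, and it does not claim which specific check the Kafka implementation lacked. It implements the RFC 4616 PLAIN token layout (authzid NUL authcid NUL passwd) against a constructed credential store and a hypothetical delegation table, and shows a server that (1) binds the requested authorization identity to the authenticated identity and (2) treats the exchange as single-shot, refusing to evaluate any further token once authentication has completed.

```python
import hmac

# Constructed sample credential store (username -> password); not real data.
CREDENTIALS = {"alice": "alice-secret", "bob": "bob-secret"}
# Hypothetical delegation table: authzids an authenticated user may assume.
DELEGATIONS = {"alice": {"service-account"}}


class SaslError(Exception):
    """Raised when the SASL exchange must be aborted."""


def plain_token(authcid, passwd, authzid=""):
    """Build a client token in the RFC 4616 PLAIN layout: authzid NUL authcid NUL passwd."""
    return b"\x00".join(s.encode("utf-8") for s in (authzid, authcid, passwd))


class PlainSaslServer:
    """Server side of SASL/PLAIN with the checks needed to prevent impersonation."""

    def __init__(self, credentials=CREDENTIALS, delegations=DELEGATIONS):
        self._credentials = credentials
        self._delegations = delegations
        self.complete = False
        self.authorization_id = None

    def evaluate_response(self, token):
        # Check 2: PLAIN is a single-shot mechanism. Once complete, any further
        # token is an error; it must never be re-evaluated and allowed to
        # overwrite the identity established by the first one.
        if self.complete:
            raise SaslError("exchange already complete")

        parts = token.split(b"\x00")
        if len(parts) != 3:
            raise SaslError("malformed PLAIN token")
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
        if not authcid or not passwd:
            raise SaslError("authcid and password are required")

        # Authenticate authcid with a constant-time password comparison.
        expected = self._credentials.get(authcid)
        if expected is None or not hmac.compare_digest(
            expected.encode("utf-8"), passwd.encode("utf-8")
        ):
            raise SaslError("authentication failed")

        # Check 1: the identity the client asks to act as (authzid) must be
        # the identity it proved (authcid), or one explicitly delegated to it.
        # Without this check a valid password for one account authorizes
        # actions as any other account, i.e. the impersonation described above.
        if not authzid:
            authzid = authcid
        elif authzid != authcid and authzid not in self._delegations.get(authcid, set()):
            raise SaslError(f"{authcid} is not permitted to act as {authzid}")

        self.complete = True
        self.authorization_id = authzid
        return b""  # PLAIN sends no server challenge back


def attempt(server, token):
    """Feed one token to the server; return the resulting authzid or 'rejected'."""
    try:
        server.evaluate_response(token)
    except SaslError:
        return "rejected"
    return server.authorization_id


def run_checks():
    """Exercise the server against honest, impersonating and replayed tokens."""
    results = {}
    results["honest"] = attempt(PlainSaslServer(), plain_token("alice", "alice-secret"))
    results["wrong_password"] = attempt(PlainSaslServer(), plain_token("alice", "bob-secret"))
    # alice knows her own password but asks to be authorized as bob.
    results["impersonate_bob"] = attempt(
        PlainSaslServer(), plain_token("alice", "alice-secret", authzid="bob")
    )
    # alice is allowed to act as the delegated service account.
    results["delegated"] = attempt(
        PlainSaslServer(), plain_token("alice", "alice-secret", authzid="service-account")
    )
    # A completed exchange must not accept a second token naming another user.
    server = PlainSaslServer()
    attempt(server, plain_token("alice", "alice-secret"))
    results["second_token"] = attempt(server, plain_token("bob", "anything", authzid="bob"))
    results["identity_after_replay"] = server.authorization_id
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The two checks are independent: dropping the delegation check lets any valid password authorize as any account, while dropping the completion check lets a client that has already authenticated submit another token and swap the identity the broker acts on. A SCRAM server needs the same two properties, with the password comparison replaced by the SCRAM proof verification.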
seclists.org/oss-sec/2018/q3/62
www.securityfocus.com/bid/104899
github.com/apache/kafka/commit/0b4daa4bf48517b4b3e9cda11692e80ade620b04
github.com/apache/kafka/commit/9f3468645b968761ca9141d18337cb6adadbae97
lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210@%3Cusers.kafka.apache.org%3E
lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
www.oracle.com/security-alerts/cpujul2020.html