CVE-2013-2193
Apache HBase < 0.92.3, 0.94.x < 0.94.9 - Kerberos Authentication Bypass
Title source: llmDescription
Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96615
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Aug/250
Scores
EPSS
0.0015
EPSS Percentile
35.9%
Details
CWE
CWE-287
Status
published
Products (13)
apache/hbase
0.92.0
apache/hbase
0.92.1
apache/hbase
0.92.2
apache/hbase
0.94.0
apache/hbase
0.94.1
apache/hbase
0.94.2
apache/hbase
0.94.3
apache/hbase
0.94.4
apache/hbase
0.94.5
apache/hbase
0.94.6
... and 3 more
Published
May 29, 2014
Tracked Since
Feb 18, 2026