Cloudera Manager Vulnerability Exposing LDAP Bind Passwords
CVE-2014-8733

Currently unrated

Key Information:

Vendor: Cloudera
Status: Cloudera Manager
Vendor: CVE Published:; 10 February 2015

What is CVE-2014-8733?

Cloudera Manager versions 5.2.0, 5.2.1, and 5.3.0 have a vulnerability that results in the LDAP bind password being stored in plaintext in world-readable files located in the '/etc/hadoop' directory. This exposure allows any local user with access to these directories to retrieve the sensitive password, potentially compromising the security of the system. Organizations utilizing these versions of Cloudera Manager should take immediate action to mitigate the risks associated with this vulnerability to ensure the integrity and confidentiality of their LDAP configurations.

References

http://www.cloudera.com/content/cloudera/en/documentation...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2015
Vulnerability Reserved
Nov 10, 2014