Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue CVE-2017-12610 #352

Closed
schubon opened this issue Mar 7, 2019 · 0 comments
Closed

Security issue CVE-2017-12610 #352

schubon opened this issue Mar 7, 2019 · 0 comments
Assignees
@schubon
Labels
bug kafka

Comments

@schubon
Copy link
Member

schubon commented Mar 7, 2019

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12610
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@schubon schubon

Labels
bug kafka
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@schubon