CVE-2012-4449: Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop

Severity: Critical

CVSS Score: 9.8

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.