[ACCUMULO-1086] Configuration secrets exposed via thrift RPC with no authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.5.0
Component/s: master, rpc, tserver
Labels:
None

Description

Trace password, keystore passwords, and other sensitive information is available without any authentication whatsoever, in the thrift client service. What's the reason for not requiring authentication here?

Attachments

Activity

People

Assignee:: Eric C. Newton

Reporter:: Christopher Tubbs

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Feb/13 13:40

Updated:: 28/Feb/13 14:21

Resolved:: 28/Feb/13 14:21