Impersonation Vulnerability in Apache Kafka's SASL Authentication

CVE-2017-12610 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
