Authentication spoofing bypass vulnerability in Apache Cassandra - CVE-2020-17516 (rpm)ID: oval:org.secpod.oval:def:82569 | Date: (C)2022-08-04 (M)2023-12-01 |
Class: VULNERABILITY | Family: unix |
The host is installed with Apache Cassandra 2.1.x through 2.1.22, 2.2.x through 2.2.19, 3.0.x through 3.0.23 or 3.11.x through 3.11.9 and is prone to an authentication spoofing bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue the 'dc' or 'rack' internode_encryption setting. Successful exploitation allows attacker to use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.