Volodymyr Tkach created DRILL-6192:
--------------------------------------
Summary: Drill is vulnerable to CVE-2017-12197
Key: DRILL-6192
URL: https://issues.apache.org/jira/browse/DRILL-6192
Project: Apache Drill
Issue Type: Bug
Reporter: Volodymyr Tkach
Assignee: Volodymyr Tkach
The current version of libpam4j bundled with MCS does not perform any
authorization check. Any user with valid password could access the cluster even
if the user account is disabled/password expired/'not allowed to access the
service(pam_access ..)' etc..
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
