Volodymyr Tkach created DRILL-6192: -------------------------------------- Summary: Drill is vulnerable to CVE-2017-12197 Key: DRILL-6192 URL: https://issues.apache.org/jira/browse/DRILL-6192 Project: Apache Drill Issue Type: Bug Reporter: Volodymyr Tkach Assignee: Volodymyr Tkach
The current version of libpam4j bundled with MCS does not perform any authorization check. Any user with valid password could access the cluster even if the user account is disabled/password expired/'not allowed to access the service(pam_access ..)' etc.. -- This message was sent by Atlassian JIRA (v7.6.3#76005)