Ya Xiao created HDFS-15776:
------------------------------

             Summary: Customized TrustManager bypasses certificate verification
                 Key: HDFS-15776
                 URL: https://issues.apache.org/jira/browse/HDFS-15776
             Project: Hadoop HDFS
          Issue Type: Improvement
            Reporter: Ya Xiao

We found a security vulnerability in file [hadoop-hdfs/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java|https://github.com/apache/hadoop-hdfs/blob/b2d2a3262c587638db04c2991d48656b3d06275c/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ProxyUtil.java]. The customized TrustManager (at Line 95) allows all certificates to pass the verification.

*Security Impact*:

The checkClientTrusted and checkServerTrusted methods are expected to implement the certificate validation logic. Bypassing it could allow man-in-the-middle attacks.

*Useful Resources*:

[https://cwe.mitre.org/data/definitions/295.html]

[https://developer.android.com/training/articles/security-ssl|https://developer.android.com/training/articles/security-ssl#SelfSigned]

*Solution we suggest:*

Do not customize the TrustManager or specify the certificate validation logic instead of allowing all certificates. See [here|https://developer.android.com/training/articles/security-ssl] to securely allow self-signed certificates and other common cases.

*Please share with us your opinions/comments if there is any:*

Is the bug report helpful?
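
The pattern the report describes, next to the fix it suggests, as an added example that is not part of the original report and is not Hadoop's code. The class names, the `proxy-ca` alias and the certificate path argument are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedTrustExample {

    // "Before": both checks return without throwing, so every certificate
    // chain is treated as trusted (CWE-295). Shown only for contrast.
    static class AcceptAllTrustManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // "After": trust only the CA (or self-signed) certificate stored in the
    // given file and leave chain validation to the platform TrustManager.
    static SSLContext contextTrusting(String caCertPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (InputStream in = new FileInputStream(caCertPath)) {
            ca = cf.generateCertificate(in);      // accepts PEM or DER
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                      // empty in-memory store
        ks.setCertificateEntry("proxy-ca", ca);   // alias is an assumption

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                             // trust anchors = this store only

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: PinnedTrustExample <trusted-cert.pem>");
            System.exit(2);
        }
        SSLContext ctx = contextTrusting(args[0]);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Sockets created from the returned context reject any peer whose chain does not lead to the certificate in the file, which is the behaviour the empty `checkServerTrusted` removes.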