CVE-2020-1926: Timing attack in Cookie signature verification
First published: Tue Mar 16 2021(Updated: )
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hive | <2.3.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2020-1926.
What is the severity of CVE-2020-1926?
The severity of CVE-2020-1926 is medium with a severity value of 5.9.
What software is affected by CVE-2020-1926?
Apache Hive versions up to and including 2.3.8 are affected by CVE-2020-1926.
What is the description of CVE-2020-1926?
CVE-2020-1926 is a vulnerability in Apache Hive that allows recovery of another user's cookie signature due to a non constant time comparison vulnerability.
How has Apache Hive addressed CVE-2020-1926?
Apache Hive 2.3.8 has addressed CVE-2020-1926.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/apache
- canonical/apache hive