drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Wu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5582) [Threat Modeling] Drillbit may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Drillbit
Date Tue, 13 Jun 2017 06:32:00 GMT
Rob Wu created DRILL-5582:
-----------------------------

             Summary: [Threat Modeling] Drillbit may be spoofed by an attacker and this may
lead to data being written to the attacker's target instead of Drillbit
                 Key: DRILL-5582
                 URL: https://issues.apache.org/jira/browse/DRILL-5582
             Project: Apache Drill
          Issue Type: Bug
    Affects Versions: 1.10.0
            Reporter: Rob Wu
            Priority: Minor


Consider the scenario:
Alice has a drillbit (my.drillbit.co) with plain and kerberos authentication enabled containing
important data. Bob, the attacker, attempts to spoof the connection and redirect it to his
own drillbit (fake.drillbit.co) with no authentication setup. 

When Alice is under attack and attempts to connect to her secure drillbit, she is actually
authenticating against Bob's drillbit. At this point, the connection should have failed due
to unmatched configuration. However, the current implementation will return SUCCESS as long
as the (spoofing) drillbit has no authentication requirement set.

Currently, the drillbit <-to-> drill client connection accepts the lowest authentication
configuration set on the server. This leaves the user vulnerable to spoofing. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message