Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-5582

[Threat Modeling] Drillbit may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Drillbit

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.10.0
    • 1.12.0
    • None

    Description

      Consider the scenario:
      Alice has a drillbit (my.drillbit.co) with plain and kerberos authentication enabled containing important data. Bob, the attacker, attempts to spoof the connection and redirect it to his own drillbit (fake.drillbit.co) with no authentication setup.

      When Alice is under attack and attempts to connect to her secure drillbit, she is actually authenticating against Bob's drillbit. At this point, the connection should have failed due to unmatched configuration. However, the current implementation will return SUCCESS as long as the (spoofing) drillbit has no authentication requirement set.

      Currently, the drillbit <- to -> drill client connection accepts the lowest authentication configuration set on the server. This leaves unsuspecting user vulnerable to spoofing.

      Attachments

        Issue Links

          requires

          Improvement - An improvement or enhancement to an existing feature or task. DRILL-5943 Avoid the strong check introduced by DRILL-5582 for PLAIN mechanism

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #997

          There are no Sub-Tasks for this issue.

          Activity

            People

              shamirwasia Sorabh Hamirwasia
              robertw Rob Wu
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: