CVE-2020-1926

CVE-2020-1926: Timing attack in Cookie signature verification

Vendor: Apache Software Foundation
Product: Apache Hive
Weakness: CWE-208
Published: March 16, 2021
Last update: February 13, 2025

CVSS base score

What the vulnerability does

01 Description

Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8.
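The weakness class described above, shown as an added example (not Apache Hive's code): an early-exit signature comparison beside a constant-time one using `MessageDigest.isEqual`. The class name, method names, key, cookie payload and the choice of HMAC-SHA256 are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class CookieSignatureCheck {
    // Constructed demo key; a real service loads a random server-side secret.
    private static final byte[] KEY =
            "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);

    // Assumed signing scheme for this example: HMAC-SHA256 over the cookie value.
    static byte[] sign(String cookieValue) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(cookieValue.getBytes(StandardCharsets.UTF_8));
    }

    // Weak form: String.equals stops at the first differing character, so the
    // time taken depends on how much of the presented signature is correct.
    static boolean verifyLeaky(String value, String presentedB64) throws Exception {
        String expected = Base64.getEncoder().encodeToString(sign(value));
        return expected.equals(presentedB64);
    }

    // Hardened form: decode first, then compare the raw bytes with
    // MessageDigest.isEqual, which does not exit early on a mismatch.
    static boolean verifyConstantTime(String value, String presentedB64) throws Exception {
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(presentedB64);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 is rejected before any comparison
        }
        return MessageDigest.isEqual(sign(value), presented);
    }

    public static void main(String[] args) throws Exception {
        String value = "user=alice;issued=1700000000"; // constructed cookie payload
        String good = Base64.getEncoder().encodeToString(sign(value));
        String tampered = good.substring(0, good.length() - 4) + "AAAA";
        System.out.println("valid signature:    " + verifyConstantTime(value, good));
        System.out.println("tampered signature: " + verifyConstantTime(value, tampered));
        System.out.println("malformed input:    " + verifyConstantTime(value, "not base64!"));
    }
}
```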

Key dates

02 Disclosure timeline

March 16, 2021: CVE published
February 13, 2025: Record updated