cve/2018/CVE-2018-1320.md

### [CVE-2018-1320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Thrift&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authentication&color=brighgreen)

### Description

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Thrift&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authentication&color=brighgreen)`

			`### Description`

			`Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.`

			`### POC`

			`#### Reference`
			`- https://www.oracle.com/security-alerts/cpuapr2020.html`
			`- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html`

			`#### Github`
			`No PoCs found on GitHub currently.`