CVE-2023-34340

9.8 CRITICAL

📋 TL;DR

Apache Accumulo 2.1.0 has an improper authentication vulnerability where invalid credentials may be accepted, allowing unauthorized access. This affects all users running Accumulo 2.1.0. Attackers could bypass authentication and gain access to sensitive data stored in Accumulo.

💻 Affected Systems

Products:
  • Apache Accumulo
Versions: 2.1.0 only
Operating Systems: All operating systems running Accumulo
Default Config Vulnerable: ⚠️ Yes
Notes: All Accumulo 2.1.0 installations are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Accumulo data stores, allowing attackers to read, modify, or delete sensitive data, potentially leading to data breaches and system takeover.

🟠

Likely Case

Unauthorized access to Accumulo tables and data, potentially exposing sensitive information stored in the database.

🟢

If Mitigated

Limited impact if network segmentation and additional authentication layers prevent access to vulnerable instances.

🌐 Internet-Facing: HIGH - Internet-facing Accumulo instances are directly exploitable without authentication.
🏢 Internal Only: HIGH - Internal instances remain vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows authentication bypass, making exploitation straightforward once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1

Vendor Advisory: https://lists.apache.org/thread/syy6jftvy9l6tlhn33o0rzwhh4rd0z4t

Restart Required: Yes

Instructions:

1. Download Accumulo 2.1.1 from https://accumulo.apache.org/release/accumulo-2.1.1/
2. Stop all Accumulo services
3. Replace Accumulo 2.1.0 with 2.1.1
4. Restart all Accumulo services
5. Verify authentication works correctly

🔧 Temporary Workarounds

Network Isolation

Restrict network access to Accumulo instances to only trusted sources. Replace trusted_ip with the address of each host that legitimately needs to reach Accumulo, and apply the same pair of rules to the other default Accumulo port (9999) listed under Detection. Because -A appends to the chain, these rules only take effect if no earlier rule already accepts the traffic.

# accept the trusted source first, then drop every other connection to port 9997
iptables -A INPUT -p tcp --dport 9997 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 9997 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to Accumulo instances
  • Add additional authentication layers (like VPN or bastion hosts) before accessing Accumulo

🔍 How to Verify

Check if Vulnerable:

Check the Accumulo version: grep 'accumulo.version' $ACCUMULO_HOME/conf/accumulo.properties. A value of 2.1.0 means the instance is vulnerable.

Verify Fix Applied:

Attempt authentication with invalid credentials - should be rejected. Verify version shows 2.1.1.
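As an added example (not part of this advisory or of the Accumulo project), a POSIX shell script that automates the version check above: it reads the accumulo.version key the advisory points at from a properties file and flags exactly 2.1.0 as affected. The properties files it reads are constructed samples; the key name and file layout are assumed to be as the advisory describes.

```shell
#!/bin/sh
# Added example: decide whether an Accumulo deployment is on the version
# affected by CVE-2023-34340 (2.1.0 only, per the advisory).

# Return 0 (true) when the version string is exactly 2.1.0, 1 otherwise.
accumulo_affected() {
    case "$1" in
        2.1.0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Extract the value of accumulo.version from a key=value properties file.
# Leading/trailing whitespace around the key, '=' and value is tolerated;
# commented lines ('# ...') never match because the key must start the line.
accumulo_version_from_properties() {
    sed -n 's/^[[:space:]]*accumulo\.version[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*$//' \
        | head -n 1
}

# Print one status line for a properties file. Always returns 0 so the
# script can be used under 'set -e'; the printed text carries the verdict.
report_status() {
    ver=$(accumulo_version_from_properties "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN (accumulo.version not set)"
    elif accumulo_affected "$ver"; then
        echo "VULNERABLE ($ver)"
    else
        echo "NOT AFFECTED ($ver)"
    fi
    return 0
}

# Constructed sample properties files, used only to demonstrate the checks.
tmpd=$(mktemp -d)
printf '# constructed sample\naccumulo.version=2.1.0\n' > "$tmpd/vulnerable.properties"
printf 'accumulo.version = 2.1.1\n' > "$tmpd/fixed.properties"
report_status "$tmpd/vulnerable.properties"   # VULNERABLE (2.1.0)
report_status "$tmpd/fixed.properties"        # NOT AFFECTED (2.1.1)
rm -rf "$tmpd"
```

Point report_status at $ACCUMULO_HOME/conf/accumulo.properties on a real node to get the same verdict for that installation.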

📡 Detection & Monitoring

Log Indicators:

  • Authentication attempts with invalid credentials that are nevertheless logged as successful
  • Access to Accumulo tables by users or hosts that are not expected to have it

Network Indicators:

  • Unexpected connections to Accumulo ports (default 9997, 9999)
  • Authentication bypass attempts

SIEM Query:

source="accumulo.log" AND ("authentication succeeded" OR "login successful") AND NOT user=authorized_user

(authorized_user is a placeholder for your list of expected accounts; the message strings must be adjusted to match the wording your Accumulo log format actually uses.)

🔗 References