## https://sploitus.com/exploit?id=FC7E063F-7FC6-592E-BBD9-FE777046579E
# Unauthenticated RCE in Apache Hadoop YARN ResourceManager

An **unauthorized access vulnerability** exists in Apache Hadoop YARN ResourceManager when its REST API (default port `8088`) or RPC ports are exposed **without authentication enabled**. By default, Hadoop leaves HTTP web consoles and RPC services unsecured. This allows attackers to remotely execute arbitrary code or hijack cluster resources.

## Impact
- Remote command execution on cluster nodes.
- Resource hijacking (e.g., cryptocurrency mining, DDoS).
- Data exposure via HDFS access.
- Potential privilege escalation if YARN runs as a high‑privileged user.

## Affected Configurations
All Hadoop versions with default security settings – especially:
- Apache Hadoop 2.x (2.6 – 2.9)
- CDH / HDP distributions with default configs
- Any deployment where:
  - `yarn.resourcemanager.webapp.address` is publicly reachable, and
  - `yarn.resourcemanager.webapp.authentication` is **not** set

## Mitigation

- **Enable authentication** – use Kerberos or SPNEGO; set `yarn.resourcemanager.webapp.authentication`.
- **Restrict network access** – firewall or VPN so only trusted IPs can reach the ResourceManager.
- **Enforce HTTPS** for the REST API.
- **Enable ACLs** – set `yarn.acl.enable` and define proper user/group permissions.
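As an added defender-side example (not part of the original advisory), a small Python audit that overlays a cluster's `core-site.xml` / `yarn-site.xml` on Hadoop's defaults and flags the weak settings behind the mitigations above. The property names are Hadoop's standard ones (`hadoop.security.authentication`, `hadoop.http.authentication.type`, `yarn.acl.enable`, `yarn.http.policy`, `yarn.resourcemanager.webapp.address`); the sample XML is constructed, and the hostname `rm.internal.example` is a placeholder.

```python
import xml.etree.ElementTree as ET
# Hadoop's effective defaults when a property is absent from core-site.xml / yarn-site.xml.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.http.authentication.type": "simple",
    "yarn.acl.enable": "false",
    "yarn.http.policy": "HTTP_ONLY",
    "yarn.resourcemanager.webapp.address": "0.0.0.0:8088",
}

# (property, predicate on the lower-cased effective value that means "safe", finding text)
CHECKS = [
    ("hadoop.security.authentication", lambda v: v == "kerberos",
     "RPC authentication is 'simple': ResourceManager RPC ports accept any client"),
    ("hadoop.http.authentication.type", lambda v: v == "kerberos",
     "web console / REST API on :8088 accepts unauthenticated requests"),
    ("yarn.acl.enable", lambda v: v == "true",
     "yarn.acl.enable is false: queue and application ACLs are not enforced"),
    ("yarn.http.policy", lambda v: v == "https_only",
     "REST API is served over plaintext HTTP"),
    ("yarn.resourcemanager.webapp.address", lambda v: not v.startswith("0.0.0.0"),
     "ResourceManager web address is bound to all interfaces"),
]

def parse_hadoop_config(xml_text):
    """Parse a Hadoop *-site.xml document into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props

def audit_resourcemanager(*site_xmls):
    """Overlay the given site files on Hadoop's defaults and return the list of findings."""
    effective = dict(DEFAULTS)
    for xml_text in site_xmls:
        effective.update(parse_hadoop_config(xml_text))
    return [msg for prop, is_safe, msg in CHECKS if not is_safe(effective[prop].lower())]

# Constructed sample site files (not taken from any real cluster).
STOCK_YARN_SITE = "<configuration></configuration>"  # stock install: nothing overridden
HARDENED_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>yarn.acl.enable</name><value>true</value></property>
  <property><name>yarn.http.policy</name><value>HTTPS_ONLY</value></property>
  <property><name>yarn.resourcemanager.webapp.address</name><value>rm.internal.example:8088</value></property>
</configuration>"""
```

Running `audit_resourcemanager(STOCK_YARN_SITE)` reports all five findings, while the hardened sample returns an empty list; point it at a real cluster by reading the two site files from `$HADOOP_CONF_DIR`.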

## References

- [Apache Hadoop Security Guide](https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html)
- [YARN REST API Documentation](https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html)

## Disclaimer

This PoC is for **authorized security testing and educational purposes only**. Unauthorized use against systems you do not own is illegal.