CVE-2021-38296 Overview
Apache Spark versions 3.1.2 and earlier contain a flaw in the mutual authentication protocol used by RPC connections when spark.authenticate and spark.network.crypto.enabled are enabled. The bespoke protocol permits full recovery of the encryption key after an initial interactive attack. An attacker who captures ciphertext can later decrypt RPC traffic offline. The issue is tracked under [CWE-294] Authentication Bypass by Capture-replay and affects deployments relying on Spark's native RPC encryption. Oracle Financial Services Crime and Compliance Management Studio (versions 8.0.8.2.0 and 8.0.8.3.0) embeds the affected Spark component and inherits the exposure.
Critical Impact
Network-positioned attackers can recover encryption keys and decrypt all captured Apache Spark RPC traffic offline, exposing data exchanged between Spark nodes.
Affected Products
- Apache Spark versions 3.1.2 and earlier
- Oracle Financial Services Crime and Compliance Management Studio 8.0.8.2.0
- Oracle Financial Services Crime and Compliance Management Studio 8.0.8.3.0
Discovery Timeline
- 2022-03-10 - CVE-2021-38296 published to NVD
- 2022-07 - Oracle addresses the issue in the Oracle Security Alert CPU July 2022
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-38296
Vulnerability Analysis
Apache Spark implements a custom mutual authentication and key agreement protocol to secure RPC connections between driver, executor, and master processes. The protocol is activated when operators set spark.authenticate=true together with spark.network.crypto.enabled=true. Cryptographic weaknesses in this handshake allow an attacker who can interact with a Spark endpoint to recover the negotiated encryption key.
Once the key is recovered, the attacker decrypts previously captured network traffic without further interaction with the cluster. This breaks the confidentiality guarantee of spark.network.crypto.enabled and exposes serialized job data, shuffle data, and control messages traversing RPC channels.
The weakness is scoped to the network crypto path. Mechanisms governed by spark.authenticate.enableSaslEncryption, spark.io.encryption.enabled, spark.ssl, and spark.ui.strictTransportSecurity are not affected.
Root Cause
The root cause is the use of a bespoke authentication protocol rather than a vetted standard. The handshake leaks enough information that an active participant can derive the symmetric encryption key. This places the vulnerability under [CWE-294] (Authentication Bypass by Capture-replay), where protocol design choices undermine the secrecy of session keys.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker first conducts an interactive exchange with a Spark RPC endpoint to recover the key. The attacker then performs offline decryption on any captured RPC traffic. Because the protocol failure is in key agreement, no memory corruption or code execution primitive is required.
No public proof-of-concept exploit is referenced in the advisory. Detailed protocol analysis is available in the Apache Mailing List Thread.
Detection Methods for CVE-2021-38296
Indicators of Compromise
- Unexpected RPC handshakes originating from hosts outside the documented Spark cluster topology.
- Repeated short-lived connections to Spark driver, master, or executor RPC ports (default 7077, dynamic executor ports) from a single source.
- Spark logs showing authentication exchanges followed by abnormal session terminations.
Detection Strategies
- Inventory all Spark deployments and identify clusters running version 3.1.2 or earlier with spark.authenticate=true and spark.network.crypto.enabled=true.
- Inspect configuration management data for spark-defaults.conf files referencing the vulnerable crypto settings without TLS overlay.
- Correlate network flow records against the expected list of cluster member IPs to surface anomalous RPC initiators.
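The first two detection strategies above can be automated. The following audit script is an added example, not Apache Spark project code; it assumes spark-defaults.conf in its usual "key value" (or "key=value") form, a Spark version string supplied by the operator, and a constructed sample configuration.

```python
"""Audit a spark-defaults.conf for the CVE-2021-38296 exposure window.
Added example (not Spark project code). A deployment is flagged only when the
version is below 3.1.3 AND both spark.authenticate and
spark.network.crypto.enabled are true, as the advisory describes."""
import re

FIXED_VERSION = (3, 1, 3)  # first release carrying the upstream fix


def parse_spark_conf(text: str) -> dict:
    """Parse spark-defaults.conf: one 'key value' or 'key=value' per line, '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1].strip()
    return conf


def parse_version(version: str) -> tuple:
    """'3.1.2' -> (3, 1, 2); qualifiers such as '-SNAPSHOT' are ignored."""
    core = version.split("-")[0]
    return tuple(int(p) for p in core.split(".")[:3])


def assess(conf: dict, spark_version: str) -> dict:
    """Return a finding dict; 'vulnerable' requires an unpatched version
    and the bespoke network crypto path being active."""
    def is_true(key):
        return str(conf.get(key, "false")).strip().lower() == "true"

    crypto_path = is_true("spark.authenticate") and is_true("spark.network.crypto.enabled")
    unpatched = parse_version(spark_version) < FIXED_VERSION
    return {
        "version": spark_version,
        "unpatched_version": unpatched,
        "network_crypto_active": crypto_path,
        "vulnerable": unpatched and crypto_path,
    }


# Constructed sample: the configuration the advisory describes as exposed.
SAMPLE_CONF = """\
# spark-defaults.conf (constructed sample)
spark.authenticate true
spark.network.crypto.enabled true
"""

if __name__ == "__main__":
    print(assess(parse_spark_conf(SAMPLE_CONF), "3.1.2"))
```

Run it against each cluster's spark-defaults.conf with the version reported by that cluster; a deployment with the crypto path active but already on 3.1.3 or later is reported as not vulnerable.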
Monitoring Recommendations
- Capture and retain NetFlow or packet metadata for Spark RPC ports to support retrospective analysis if key recovery is suspected.
- Alert on RPC connections from non-cluster subnets, including developer workstations and unmanaged hosts.
- Monitor Spark master and worker logs for repeated SaslException or crypto handshake errors that may indicate probing.
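The following triage script is an added example, not part of the advisory or the Spark project, covering the indicators of compromise and the flow-record monitoring items above. It assumes flow records as (timestamp, src_ip, dst_ip, dst_port, duration_seconds) tuples, a known set of cluster member IPs and subnets, and a constructed sample; the thresholds are assumptions to tune per environment.

```python
"""Flag Spark RPC initiators outside the cluster and repeated short-lived
connections to RPC ports. Added example, not from the advisory or Spark."""
import ipaddress
from collections import defaultdict

SPARK_RPC_PORTS = {7077}  # standalone master default; add executor ports in use
SHORT_LIVED_S = 2.0       # assumption: a session ending this fast is handshake-only
REPEAT_THRESHOLD = 3      # assumption: this many from one source is probing


def in_cluster(ip: str, members, subnets) -> bool:
    """True if ip is a documented member host or inside a cluster subnet."""
    addr = ipaddress.ip_address(ip)
    return ip in members or any(addr in ipaddress.ip_network(s) for s in subnets)


def triage(flows, members, subnets, rpc_ports=SPARK_RPC_PORTS):
    """Return one finding per (initiator, reason) over the given flows."""
    non_cluster = defaultdict(int)
    short_lived = defaultdict(int)
    for _ts, src, _dst, dport, duration in flows:
        if dport not in rpc_ports:
            continue  # only Spark RPC ports matter for these indicators
        if not in_cluster(src, members, subnets):
            non_cluster[src] += 1
        if duration <= SHORT_LIVED_S:
            short_lived[src] += 1
    findings = [{"src": s, "reason": "rpc_from_non_cluster_host", "count": n}
                for s, n in non_cluster.items()]
    findings += [{"src": s, "reason": "repeated_short_lived_rpc", "count": n}
                 for s, n in short_lived.items() if n >= REPEAT_THRESHOLD]
    return findings


# Constructed sample: two long-lived executor sessions to the master, then a
# workstation outside the cluster opening three short-lived sessions to 7077.
CLUSTER_MEMBERS = {"10.20.0.10", "10.20.0.11", "10.20.0.12"}
CLUSTER_SUBNETS = ["10.20.0.0/24"]
SAMPLE_FLOWS = [
    ("2022-03-10T09:00:01Z", "10.20.0.11", "10.20.0.10", 7077, 840.0),
    ("2022-03-10T09:00:02Z", "10.20.0.12", "10.20.0.10", 7077, 835.5),
    ("2022-03-10T09:05:00Z", "192.168.50.23", "10.20.0.10", 7077, 0.4),
    ("2022-03-10T09:05:01Z", "192.168.50.23", "10.20.0.10", 7077, 0.3),
    ("2022-03-10T09:05:02Z", "192.168.50.23", "10.20.0.10", 7077, 0.5),
    ("2022-03-10T09:05:03Z", "192.168.50.23", "10.20.0.10", 443, 12.0),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FLOWS, CLUSTER_MEMBERS, CLUSTER_SUBNETS):
        print(finding)
```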
How to Mitigate CVE-2021-38296
Immediate Actions Required
- Upgrade Apache Spark to version 3.1.3 or later, where the bespoke protocol has been corrected.
- Apply the July 2022 Oracle Critical Patch Update to remediate Oracle Financial Services Crime and Compliance Management Studio 8.0.8.2.0 and 8.0.8.3.0.
- Restrict network access to Spark RPC ports using firewall rules or security groups so that only authorized cluster members can connect.
Patch Information
The Apache Spark project resolved the issue in version 3.1.3. Upgrade paths to 3.2.x and 3.3.x also contain the fix. Refer to the Apache Mailing List Thread for the upstream announcement and to the Oracle Security Alert CPU July 2022 for downstream product fixes.
Workarounds
- Disable spark.network.crypto.enabled and instead enforce transport security with spark.ssl for RPC channels until patching is possible.
- Enable spark.authenticate.enableSaslEncryption as an alternative encryption mechanism, which is not affected by this issue.
- Place Spark clusters on isolated network segments and require VPN or bastion access for any administrative interaction.
# Configuration example: switch from vulnerable network crypto to SSL-based RPC encryption
# spark-defaults.conf
spark.authenticate true
spark.network.crypto.enabled false
spark.ssl.enabled true
spark.ssl.protocol TLSv1.2
spark.ssl.keyStore /etc/spark/ssl/keystore.jks
spark.ssl.keyStorePassword <redacted>
spark.ssl.trustStore /etc/spark/ssl/truststore.jks
spark.ssl.trustStorePassword <redacted>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.