Client or Server? Hidden Sword of Damocles in Kafka

Ji'an Zhou, Ying Zhu, ZiYang Li

DEF CON 33 · Day 2 · Main Stage

Apache Kafka is the backbone of modern data-intensive architectures. Deployed by thousands of enterprises for real-time data pipelines, event streaming, and critical application integration, a single

AI review

Kafka's client/server identity ambiguity yields replication impersonation, ZooKeeper control plane RCE chains, KRaft new-surface bugs, and SSRF in Connect — a systematic attack surface analysis that covers both control plane implementations.
