Summary: | Bug in mosquittos MQTT password file parser allows adversaries to modify the loaded password file instance and authenticate as another client. | ||
---|---|---|---|
Product: | Community | Reporter: | Panagiotis Vasilikos <panagiotis.vasilikos> |
Component: | Bugzilla | Assignee: | Eclipse Webmaster <webmaster> |
Status: | RESOLVED MOVED | QA Contact: | |
Severity: | critical | ||
Priority: | P3 | Keywords: | security |
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
URL: | https://github.com/eclipse/mosquitto | ||
Whiteboard: |
Description
Panagiotis Vasilikos
2020-01-30 11:48:38 EST
Mosquitto uses Github Issues rather than this bugzilla. As such I've created: https://github.com/eclipse/mosquitto/issues/1584 containing this report. -M. |