CVE-2018-12551

Published: 27/03/2019 | Updated: 28/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 661
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in Eclipse Mosquitto could allow an authenticated, remote malicious user to bypass authentication restrictions on a targeted system. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An attacker could exploit this vulnerability by configuring a password file for authentication with malformed data that becomes a valid username without a password on the targeted system. A successful exploit could allow the malicious user to bypass authentication restrictions on the targeted system. Eclipse has confirmed the vulnerability and released software updates.

Affected Products

Vendor | Product | Versions
Eclipse | Mosquitto | 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.90, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5

Mailing Lists

Debian Security Advisory DSA-4388-1 | security@debian.org | www.debian.org/security/ | Moritz Muehlenhoff | February 10, 2019 | www.debian.org/security/faq ...