An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2016-12-29T09:02:00

Updated: 2024-08-06T03:07:30.822Z

Reserved: 2016-12-06T00:00:00

Link: CVE-2016-9877

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-12-29T09:59:00.790

Modified: 2024-11-21T03:01:56.197

Link: CVE-2016-9877

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-12-20T00:00:00Z

Links: CVE-2016-9877 - Bugzilla