An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2016-12-29T09:02:00
Updated: 2024-08-06T03:07:30.822Z
Reserved: 2016-12-06T00:00:00
Link: CVE-2016-9877
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-12-29T09:59:00.790
Modified: 2024-11-21T03:01:56.197
Link: CVE-2016-9877
Redhat