CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12551

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.5%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2018-12551

Eclipse » Mosquitto » Version: 1.0

cpe:2.3:a:eclipse:mosquitto:1.0
Eclipse » Mosquitto » Version: 1.0.1

cpe:2.3:a:eclipse:mosquitto:1.0.1
Eclipse » Mosquitto » Version: 1.0.2

cpe:2.3:a:eclipse:mosquitto:1.0.2
Eclipse » Mosquitto » Version: 1.0.3

cpe:2.3:a:eclipse:mosquitto:1.0.3
Eclipse » Mosquitto » Version: 1.0.4

cpe:2.3:a:eclipse:mosquitto:1.0.4
Eclipse » Mosquitto » Version: 1.0.5

cpe:2.3:a:eclipse:mosquitto:1.0.5
Eclipse » Mosquitto » Version: 1.1

cpe:2.3:a:eclipse:mosquitto:1.1
Eclipse » Mosquitto » Version: 1.1.1

cpe:2.3:a:eclipse:mosquitto:1.1.1
Eclipse » Mosquitto » Version: 1.1.2

cpe:2.3:a:eclipse:mosquitto:1.1.2
Eclipse » Mosquitto » Version: 1.1.3

cpe:2.3:a:eclipse:mosquitto:1.1.3
Eclipse » Mosquitto » Version: 1.1.90

cpe:2.3:a:eclipse:mosquitto:1.1.90
Eclipse » Mosquitto » Version: 1.2

cpe:2.3:a:eclipse:mosquitto:1.2
Eclipse » Mosquitto » Version: 1.2.1

cpe:2.3:a:eclipse:mosquitto:1.2.1
Eclipse » Mosquitto » Version: 1.2.2

cpe:2.3:a:eclipse:mosquitto:1.2.2
Eclipse » Mosquitto » Version: 1.2.3

cpe:2.3:a:eclipse:mosquitto:1.2.3
Eclipse » Mosquitto » Version: 1.3

cpe:2.3:a:eclipse:mosquitto:1.3
Eclipse » Mosquitto » Version: 1.3.1

cpe:2.3:a:eclipse:mosquitto:1.3.1
Eclipse » Mosquitto » Version: 1.3.2

cpe:2.3:a:eclipse:mosquitto:1.3.2
Eclipse » Mosquitto » Version: 1.3.3

cpe:2.3:a:eclipse:mosquitto:1.3.3
Eclipse » Mosquitto » Version: 1.3.4

cpe:2.3:a:eclipse:mosquitto:1.3.4
Eclipse » Mosquitto » Version: 1.3.5

cpe:2.3:a:eclipse:mosquitto:1.3.5
Eclipse » Mosquitto » Version: 1.4

cpe:2.3:a:eclipse:mosquitto:1.4
Eclipse » Mosquitto » Version: 1.4.1

cpe:2.3:a:eclipse:mosquitto:1.4.1
Eclipse » Mosquitto » Version: 1.4.10

cpe:2.3:a:eclipse:mosquitto:1.4.10
Eclipse » Mosquitto » Version: 1.4.11

cpe:2.3:a:eclipse:mosquitto:1.4.11
Eclipse » Mosquitto » Version: 1.4.12

cpe:2.3:a:eclipse:mosquitto:1.4.12
Eclipse » Mosquitto » Version: 1.4.13

cpe:2.3:a:eclipse:mosquitto:1.4.13
Eclipse » Mosquitto » Version: 1.4.14

cpe:2.3:a:eclipse:mosquitto:1.4.14
Eclipse » Mosquitto » Version: 1.4.15

cpe:2.3:a:eclipse:mosquitto:1.4.15
Eclipse » Mosquitto » Version: 1.4.2

cpe:2.3:a:eclipse:mosquitto:1.4.2
Eclipse » Mosquitto » Version: 1.4.3

cpe:2.3:a:eclipse:mosquitto:1.4.3
Eclipse » Mosquitto » Version: 1.4.4

cpe:2.3:a:eclipse:mosquitto:1.4.4
Eclipse » Mosquitto » Version: 1.4.5

cpe:2.3:a:eclipse:mosquitto:1.4.5
Eclipse » Mosquitto » Version: 1.4.6

cpe:2.3:a:eclipse:mosquitto:1.4.6
Eclipse » Mosquitto » Version: 1.4.7

cpe:2.3:a:eclipse:mosquitto:1.4.7
Eclipse » Mosquitto » Version: 1.4.8

cpe:2.3:a:eclipse:mosquitto:1.4.8
Eclipse » Mosquitto » Version: 1.4.9

cpe:2.3:a:eclipse:mosquitto:1.4.9
Eclipse » Mosquitto » Version: 1.5

cpe:2.3:a:eclipse:mosquitto:1.5
Eclipse » Mosquitto » Version: 1.5.1

cpe:2.3:a:eclipse:mosquitto:1.5.1
Eclipse » Mosquitto » Version: 1.5.2

cpe:2.3:a:eclipse:mosquitto:1.5.2
Eclipse » Mosquitto » Version: 1.5.3

cpe:2.3:a:eclipse:mosquitto:1.5.3
Eclipse » Mosquitto » Version: 1.5.4

cpe:2.3:a:eclipse:mosquitto:1.5.4
Eclipse » Mosquitto » Version: 1.5.5

cpe:2.3:a:eclipse:mosquitto:1.5.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12551

Products

Pricing

Contact Us