Improper Authentication Affecting mosquitto Open this link in a new tab package, versions >=1.0.0, <1.5.6
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
13 Nov 2019
31 Jan 2019
How to fix?
Mosquitto to version 1.5.6 or higher.
Mosquitto is an open source implementation of a server for version 3.1 and 3.1.1 of the MQTT protocol.
Affected versions of this package are vulnerable to Improper Authentication. Clients are granted access to the broker because it incorrectly validated empty lines or malformed data in the password file, treating such data as a valid username and allowing an attacker to bypass authentication. This vulnerability does not affect the users using the
mosquitto_passwd utility to create and modify their password files.