CVE-2018-12551 - OpenCVE

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Eclipse	Mosquitto

Configuration 1 [-]

cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401	Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: eclipse

Published: 2019-03-27T17:26:20

Updated: 2019-10-26T23:06:13

Reserved: 2018-06-18T00:00:00

Link: CVE-2018-12551

JSON object: View

NVD Information

Status : Modified

Published: 2019-03-27T18:29:00.367

Modified: 2019-10-09T23:34:04.137

Link: CVE-2018-12551

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Eclipse Mosquitto", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.0", "versionType": "custom"}, {"lessThanOrEqual": "1.5.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-703", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-26T23:06:13", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401"}, {"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12551", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Mosquitto", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.0"}, {"version_affected": "<=", "version_value": "1.5.5"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-703: Improper Check or Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401"}, {"name": "[debian-lts-announce] 20191026 [SECURITY] [DLA 1972-1] mosquitto security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}]}}}}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2018-12551", "datePublished": "2019-03-27T17:26:20", "dateReserved": "2018-06-18T00:00:00", "dateUpdated": "2019-10-26T23:06:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "734742C3-741C-461E-9739-B13C25C5420D", "versionEndIncluding": "1.5.5", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability."}, {"lang": "es", "value": "Cuando Eclipse Mosquitto, desde la versi\u00f3n 1.0 hasta la 1.5.5 (incluidas), est\u00e1 configurado para emplear un archivo de contrase\u00f1as para autenticaci\u00f3n, cualquier dato mal formado en el archivo de contrase\u00f1as se tratar\u00e1 como v\u00e1lido. Normalmente, esto significa que los datos mal formados se convierten en un nombre de usuario sin contrase\u00f1a. Si esto ocurre, los clientes pueden sortear la autenticaci\u00f3n y obtener acceso al broker mediante el uso de un nombre de usuario mal formado. En particular, una l\u00ednea en blanco se tratar\u00e1 como un nombre de usuario vac\u00edo v\u00e1lido. Otras medidas de seguridad no se han visto afectadas. Los usuarios que solo hayan empleado la utilidad mosquitto_passwd para crear y modificar sus archivos de contrase\u00f1a no se ven afectados por esta vulnerabilidad."}], "id": "CVE-2018-12551", "lastModified": "2019-10-09T23:34:04.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-27T18:29:00.367", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543401"}, {"source": "emo@eclipse.org", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-703"}], "source": "emo@eclipse.org", "type": "Secondary"}]}