How severe is CVE-2018-12551?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-12551?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2018-12551 - HIGH Severity | CVSS 8.1

Vulnerability Description

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

Related Vulnerabilities

CVE-2024-10781

HIGH

CVSS:8.1(High)

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the...

CWE-7032024

CVE-2024-21525

HIGH

CVSS:8.3(High)

All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with...

CWE-7032024

CVE-2018-5463

HIGH

CVSS:7.8(High)

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.

CWE-7032018

CVE-2019-11245

HIGH

CVSS:7.8(High)

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If...

CWE-7032019

CVE-2022-0016

HIGH

CVSS:7.8(High)

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYS...

CWE-7032022

CVE-2022-22265

HIGH

CVSS:7.8(High)

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

CWE-7032022