Origin Validation Error
CVE-2019-11777
Summary
In the Eclipse Paho Java client library before 1.2.1, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.
References
Advisory Timeline
- Published