FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

RabbitMQ -- Authentication vulnerability

Affected packages
3.0.0 <= rabbitmq < 3.5.8
3.6.0 <= rabbitmq < 3.6.6

Details

VuXML ID 6aa956fb-d97f-11e6-a071-001e67f15f5a
Discovery 2016-12-06
Entry 2017-01-15

Pivotal.io reports:

MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
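As an added detection example (not part of the Pivotal report or the VuXML entry), the following parses an MQTT CONNECT packet and flags the condition described above: a username supplied with no password. It assumes the MQTT 3.1/3.1.1 CONNECT layout and access to the plaintext packet bytes; the function names and the sample packets are constructed for illustration.

```python
import struct

USERNAME_FLAG, PASSWORD_FLAG, WILL_FLAG = 0x80, 0x40, 0x04

def _field(buf, pos):
    """Read one 2-byte-length-prefixed MQTT field; return (bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length prefix")
    end = pos + 2 + struct.unpack_from(">H", buf, pos)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def inspect_connect(packet):
    """Return a summary dict for an MQTT CONNECT packet, None for other types."""
    if not packet or packet[0] >> 4 != 1:      # packet type 1 = CONNECT
        return None
    pos = 1
    remaining = shift = 0
    while True:                                 # variable-length "remaining length"
        if pos >= len(packet) or shift > 21:
            raise ValueError("bad remaining length")
        byte = packet[pos]
        pos += 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    body = packet[pos:pos + remaining]
    if len(body) < remaining:
        raise ValueError("truncated packet")
    _, p = _field(body, 0)                      # protocol name ("MQTT" or "MQIsdp")
    if p + 4 > len(body):
        raise ValueError("truncated variable header")
    flags = body[p + 1]                         # body[p] is the protocol level
    _, p = _field(body, p + 4)                  # skip level, flags, keep-alive; read client id
    if flags & WILL_FLAG:                       # will topic and message precede username
        _, p = _field(body, p)
        _, p = _field(body, p)
    username = None
    if flags & USERNAME_FLAG:
        username = _field(body, p)[0].decode("utf-8", "replace")
    has_password = bool(flags & PASSWORD_FLAG)
    return {"username": username, "has_password": has_password,
            "username_without_password": username is not None and not has_password}

# Constructed sample packets (client id "c1", user "alice"), not captured traffic.
WITH_PASSWORD = b"\x10\x19\x00\x04MQTT\x04\xc2\x00\x3c\x00\x02c1\x00\x05alice\x00\x02pw"
NO_PASSWORD = b"\x10\x15\x00\x04MQTT\x04\x82\x00\x3c\x00\x02c1\x00\x05alice"
```

The MQTT specification permits a CONNECT with a username and no password, so a hit marks a connection to review on brokers in the affected version ranges, not a malformed packet.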

References

CVE Name CVE-2016-9877
URL https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_6
URL https://pivotal.io/security/cve-2016-9877