CVE-2019-11777

Summary

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Paho1.2.0affected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CVE Program Container

Additional References

References