World Readable Mosquitto Persistence File Allows Unauthorized Access to MQTT Topic Information

World Readable Mosquitto Persistence File Allows Unauthorized Access to MQTT Topic Information

CVE-2017-9868 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

Learn more about our User Device Pen Test.