RSS   Vulnerabilities for 'HONO'   RSS

2021-01-14
 
CVE-2020-27220

CWE-862
 

 
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.

 

 >>> Vendor: Eclipse 30 Products
Jetty
Eclipse ide
BIRT
Mojarra
Tinydtls
Mosquitto
KURA
IDE
Vert.x
Openj9
Rdf4j
Wakaama
Hawkbit
OMR
Paho java client
Vorto
Jersey
CHE
Memory analyzer
Theia
Web tools platform
HONO
Californium
Cyclone data distribution service
KETI
Paho mqtt c\/c\+\+ client
Lemminx
Cyclonedds
LYO
Equinox p2


Copyright 2024, cxsecurity.com

 

Back to Top