An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Use CWE-284, the Broadcom vendor hub, and the RabbitMQ Server product page to place CVE-2016-9877 in its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-22117, CVE-2017-4966 and CVE-2019-11287 for nearby disclosures in the same product family.
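The condition in the advisory text above (a username supplied with the password omitted) is visible in the connect-flags byte of an MQTT CONNECT packet, so it can be checked in captured traffic or at a proxy in front of an unpatched broker. The following is an added example, not code from RabbitMQ or from the advisory; it assumes the MQTT 3.1.1 CONNECT layout, the function names are hypothetical, and the sample packets are constructed.

```python
import struct

def _remaining_length(buf, pos):
    # MQTT variable-length integer: 7 bits per byte, at most 4 bytes.
    value = 0
    for i in range(4):
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def _field(buf, pos):
    # Length-prefixed field: 2-byte big-endian length, then the data.
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def inspect_connect(packet):
    """Parse an MQTT 3.1.1 CONNECT and report how it authenticates."""
    try:
        if packet[0] >> 4 != 1:
            raise ValueError("not a CONNECT packet")
        remaining, start = _remaining_length(packet, 1)
        body = packet[start:start + remaining]
        _proto, pos = _field(body, 0)
        flags = body[pos + 1]          # byte after the protocol level
        pos += 4                       # level, flags, 2-byte keep-alive
        _client_id, pos = _field(body, pos)
        if flags & 0x04:               # will flag: skip topic and message
            _, pos = _field(body, pos)
            _, pos = _field(body, pos)
        username = None
        if flags & 0x80:               # username flag
            raw, pos = _field(body, pos)
            username = raw.decode("utf-8", "replace")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated CONNECT packet") from exc
    has_password = bool(flags & 0x40)  # password flag
    return {"username": username, "has_password": has_password,
            "password_omitted": username is not None and not has_password}

# Constructed sample packets (client id "c1", user "alice", keep-alive 60).
NO_PASSWORD = b"\x10\x15\x00\x04MQTT\x04\x82\x00\x3c\x00\x02c1\x00\x05alice"
WITH_PASSWORD = (b"\x10\x1d\x00\x04MQTT\x04\xc2\x00\x3c\x00\x02c1"
                 b"\x00\x05alice\x00\x06s3cret")
```

MQTT 3.1.1 permits a CONNECT with the username flag set and the password flag clear, so a `password_omitted` result is a signal to correlate with the broker version and the authentication outcome, not proof of abuse on its own.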