Trail of Bits

Eclipse Mosquitto

Type

Security review

Client

OSTIF

Date

2023-03

Domain

AppSec

Trail of Bits' security review of Eclipse Mosquitto, commissioned by OSTIF (Mar 2023), identified 8 issues: 5 high, 2 medium, and 1 low.

Findings · 8

  1. Insufficient default configuration file permissions (High)
  2. Unclear ACL, role, group enforcement priority (Medium)
  3. Missing global connection rate limiting (High)
  4. Plaintext password storage and handling (High)
  5. Bridge -> broker -> bridge message looping (High)
  6. Broker does not check configuration filesystem permissions (Medium)
  7. Configuration reload may cause inconsistent behavior (Low)
  8. Clients can publish last will messages to $CONTROL topics (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
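Findings 1 and 6 both concern the filesystem permissions of the broker's configuration and the secret-bearing files it points at. As an added check (not code from the Trail of Bits report or from the Mosquitto project), the script below audits a `mosquitto.conf` and the files named by its `password_file` and `acl_file` directives for group/other read or write bits. `password_file` and `acl_file` are real mosquitto.conf options; everything else (the temp directory layout, the sample password and ACL contents, the `audit`/`demo` helpers) is constructed for this example.

```python
import os
import stat
import tempfile
from pathlib import Path

# mosquitto.conf directives whose target files hold credentials or access
# policy. Both are real mosquitto.conf options; the list is kept short on
# purpose and can be extended.
SENSITIVE_DIRECTIVES = ("password_file", "acl_file")

# Permission bits that grant access to anyone other than the file owner.
GROUP_OTHER_READ = stat.S_IRGRP | stat.S_IROTH
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def parse_directives(conf_text):
    """Return {directive: value} for sensitive directives in a
    mosquitto.conf-style text: one 'key value' pair per line, '#' comments."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in SENSITIVE_DIRECTIVES:
            found[parts[0]] = parts[1].strip()
    return found


def check_mode(path):
    """Return the list of permission problems for one file (empty if none)."""
    mode = os.stat(path).st_mode
    problems = []
    if mode & GROUP_OTHER_WRITE:
        problems.append("writable by group/other")
    if mode & GROUP_OTHER_READ:
        problems.append("readable by group/other")
    return problems


def audit(conf_path):
    """Audit the broker config and every file it names via a sensitive
    directive. Returns {path: [problems]} for failing files only, so an
    empty dict means every checked file is owner-only."""
    conf_path = Path(conf_path)
    targets = [conf_path]
    for value in parse_directives(conf_path.read_text()).values():
        # Relative paths are resolved against the config file's directory
        # (an assumption of this example, not a statement about the broker).
        targets.append((conf_path.parent / value).resolve())
    report = {}
    for path in targets:
        if not path.exists():
            report[str(path)] = ["missing"]
        elif problems := check_mode(path):
            report[str(path)] = problems
    return report


def demo():
    """Constructed layout: config and ACL are owner-only, but the password
    file has been left world-readable (mode 0644)."""
    d = Path(tempfile.mkdtemp())
    (d / "passwd").write_text("alice:constructed-placeholder-hash\n")
    (d / "passwd").chmod(0o644)  # too permissive: any local user can read it
    (d / "acl").write_text("user alice\ntopic read sensors/#\n")
    (d / "acl").chmod(0o600)
    conf = d / "mosquitto.conf"
    conf.write_text("listener 1883\npassword_file passwd\nacl_file acl\n")
    conf.chmod(0o600)
    return audit(conf)


if __name__ == "__main__":
    for path, problems in demo().items():
        print(f"{path}: {', '.join(problems)}")
```

Run it against a real deployment with `audit("/etc/mosquitto/mosquitto.conf")` (path assumed); anything it reports should be fixed with `chmod 600` and ownership set to the account the broker runs as, since the broker itself was found not to enforce this.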
