MRG Messaging 2.2: authentication bypass
| Package(s): | MRG Messaging 2.2 | CVE #(s): | CVE-2012-3467 | ||||||||
| Created: | September 20, 2012 | Updated: | September 26, 2012 | ||||||||
| Description: | From the Red Hat advisory: It was discovered that qpidd did not require authentication for "catch-up" shadow connections created when a new broker joins a cluster. A malicious client could use this flaw to bypass client authentication. (CVE-2012-3467) | ||||||||||
| Alerts: |
| ||||||||||