[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[mosquitto-dev] Mosquitto version 2.0.14 for Windows does not refuse anonymous connections when mosquito_sub and mosquito_pub is used on windows power shell
|
Hi:
I have the following security issue in the windows version 2.0.14 when I
used with mosquito_sub and mosquito_pub on windows power shell.
After use TSL, I proved using just a password file, with the
allow_anonymous parameter setting to false and, of course the
per_listener_settings parameter setting to true.
per_listener_settings true
allow_anonymous false
password_file C:\mosquitto\usuarios.cfg
The configuration file is correctly read, also the password file; but
still I can subscribe anonymous clients or clients using incorrect names
and/or passwords (not included in the password file).
I run the mosquitto broker in a Power Shell windows, and the clients in
additional Power Shell windows.
If I add a ACL file, the problem still remains.
Only when I add certificates, and enable TSL, the password file and the
ACL file are correctly used.
(That is: anonymous clients or clients with incorrect names and/or
passwords are rejected)
Cheers
Eduardo Mondaca