HV19.15 Santa’s Workshop
The given page shows a counter of processed gifts. The source code reveals, that there is a connection to a MQTT broker. Directly connecting to the MQTT broker and subscribing to the $SYS/broker/version topic, returns the following message: So the broker is running Mosquitto 1.4.11 which does contain a vulnerability which bypasses authentication when the […]