Sebastian's Blog

software developer. security enthusiast.

Day: 15 December 2019

HV19.15 Santa’s Workshop

The given page shows a counter of processed gifts. The source code reveals, that there is a connection to a MQTT broker. Directly connecting to the MQTT broker and subscribing to the $SYS/broker/version topic, returns the following message: So the broker is running Mosquitto 1.4.11 which does contain a vulnerability which bypasses authentication when the […]