HackerOne report H1:1578574 by Second_grade_pentester
May 23, 2022 - 7:23 a.m.

Acronis: unauth mosquitto ( client emails, ips, license keys exposure )

hackerone.com
Bounty: $150
37
authentication
data exposure
mqtt

Hi team

Summary

connect.acronis.com (IP 88.99.142.45:1883) has an unauthenticated Mosquitto MQTT broker; anyone can connect and read/write messages.

Steps To Reproduce


  1. https://github.com/bapowell/python-mqtt-client-shell
  2. python3 mqtt_client_shell.py
  3. connection
  4. host 88.99.142.45
  5. connect
  6. subscribe "#" 1

Payload (str): b'{"host":"nusite", "tag":"nusite-licenser", "level":"debug", "msg":" response: {\'commands\': [], \'license_info\': {\'licensee_name\': \'██████████\', \'license_key\': \'█████████\', \'support_exp_date\': \'2021-11-30\', \'licensed_actions\': [{\'names\': [\'*\'], \'rules\': [{\'ops\': [{\'action\': \'allow\'}]}]}]}, \'signature\': \'\'}"}'

█████
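A standalone check for what the steps above do, added here as an example and not the reporter's tool (python-mqtt-client-shell) or any Acronis code: a Python probe built on the standard library only. It sends a CONNECT with no username or password, reads the CONNACK return code (0 = accepted; 5 = not authorized, which is what a broker returns once authentication is enabled), subscribes to "#" and, if the subscription is granted, publishes to a probe topic and waits for its own message to come back through the wildcard subscription as proof of write access. The client id, PROBE_TOPIC, the timeout and the packet budget are assumptions.

```python
"""Probe an MQTT 3.1.1 broker for anonymous read/write access. Added example, not the
reporter's tool or Acronis code; standard library only. PROBE_TOPIC and client id are assumed."""
import socket
import struct

PROBE_TOPIC = "anon-probe/check"  # assumed harmless topic for the write test
CONNACK_CODES = {0: "accepted (anonymous access allowed)", 4: "bad credentials", 5: "not authorized"}

def encode_remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit = more follows."""
    out = b""
    while n > 127:
        out, n = out + bytes([n % 128 | 0x80]), n // 128
    return out + bytes([n])

def decode_remaining_length(data, offset=1):
    """Inverse of encode_remaining_length; returns (length, offset_of_body)."""
    value, shift = 0, 0
    while True:
        value += (data[offset] & 0x7F) << shift
        offset, shift = offset + 1, shift + 7
        if not data[offset - 1] & 0x80:
            return value, offset

def _utf8(s):  # length-prefixed UTF-8 string field
    return struct.pack("!H", len(s.encode())) + s.encode()
def _packet(first_byte, body):  # fixed header byte + remaining length + body
    return bytes([first_byte]) + encode_remaining_length(len(body)) + body

def connect_packet(client_id, keepalive=60):
    """CONNECT with only the clean-session flag (0x02): no username/password."""
    return _packet(0x10, _utf8("MQTT") + bytes([4, 0x02]) + struct.pack("!H", keepalive) + _utf8(client_id))

def subscribe_packet(topic_filter, qos=1, packet_id=1):
    """SUBSCRIBE (type 8, mandatory flags 0b0010) to one topic filter."""
    return _packet(0x82, struct.pack("!H", packet_id) + _utf8(topic_filter) + bytes([qos]))

def publish_packet(topic, payload):
    """QoS 0 PUBLISH (type 3, no packet id)."""
    return _packet(0x30, _utf8(topic) + payload)

def parse_connack(data):
    """Return the CONNACK return code: 0 = accepted, 5 = not authorized."""
    if data[:2] != b"\x20\x02": raise ValueError("not a CONNACK: %r" % data[:4])
    return data[3]

def parse_publish(data):
    """Decode an inbound PUBLISH into (topic, payload_bytes)."""
    qos = (data[0] >> 1) & 0x03
    length, off = decode_remaining_length(data)
    body = data[off:off + length]
    topic_len = struct.unpack("!H", body[:2])[0]
    topic = body[2:2 + topic_len].decode("utf-8", "replace")
    return topic, body[2 + topic_len + (2 if qos else 0):]

def read_packet(sock):
    """Read one control packet; b'' means the broker closed the connection."""
    head = bytearray()
    while len(head) < 2 or head[-1] & 0x80:  # type byte plus remaining-length bytes
        byte = sock.recv(1)
        if not byte:
            return b""
        head += byte
    length, _ = decode_remaining_length(head)
    body = bytearray()
    while len(body) < length:
        chunk = sock.recv(length - len(body))
        if not chunk:
            return b""
        body += chunk
    return bytes(head + body)

def probe_anonymous_access(host, port=1883, timeout=5.0, max_packets=50):
    """Connect with no credentials, subscribe to '#' and try one publish; report what was allowed."""
    result = {"connack": None, "first_message": None, "write_echoed": False}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(connect_packet("mqtt-anon-probe"))
        rc = parse_connack(read_packet(sock))
        result["connack"] = CONNACK_CODES.get(rc, "refused, code %d" % rc)
        if rc != 0: return result
        sock.sendall(subscribe_packet("#", qos=1, packet_id=1))
        try:
            for _ in range(max_packets):
                pkt = read_packet(sock)
                if not pkt: break
                if pkt[0] == 0x90:  # SUBACK; with one filter its last byte is the granted QoS, 0x80 = refused
                    if pkt[-1] == 0x80: break
                    sock.sendall(publish_packet(PROBE_TOPIC, b"probe"))  # write test: expect our own echo
                elif pkt[0] >> 4 == 3:  # PUBLISH from the broker
                    topic, payload = parse_publish(pkt)
                    if topic == PROBE_TOPIC:
                        result["write_echoed"] = True
                        break
                    if result["first_message"] is None:
                        result["first_message"] = (topic, payload[:120])
        except socket.timeout: pass
        sock.sendall(b"\xe0\x00")  # DISCONNECT
    return result
```

Call probe_anonymous_access("broker.example.net") from a Python shell against a broker you are authorised to test; the stock equivalent of the read half is mosquitto_sub -h <host> -t '#' -v. The echo is used for the write test because a PUBACK proves nothing: MQTT 3.1.1 gives a broker no way to refuse a publish other than closing the connection, so a message dropped by an ACL is still acknowledged.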

Recommendations

Enable authentication.
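The setting behind that recommendation, shown as an added example and not Acronis's actual configuration: a Mosquitto listener that accepts anonymous clients (the 1.x default when no password_file is set) next to a hardened version that requires credentials and confines each user to its own topic subtree. File paths, the user name and the ACL layout are assumed; the two listener sections are alternatives, not one file.

```conf
# --- before: anonymous clients connect and read/write every topic
listener 1883
allow_anonymous true

# --- after: credentials required, each user confined by the ACL file
listener 1883
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl

# --- /etc/mosquitto/acl (separate file, assumed layout). With no "topic"
# --- line before the first "user" line, unlisted clients get no access.
user licenser
topic readwrite nusite/#
```

Create the entry with mosquitto_passwd -c /etc/mosquitto/passwd licenser and restart the broker; a credential-less connect should then be answered with CONNACK return code 5 (not authorized). Because the plain 1883 listener carries the new password in clear, pair it with TLS (a listener on 8883 with cafile, certfile and keyfile) or the password file only moves the problem. Mosquitto 2.0 changed the default to allow_anonymous false once a listener is declared, so a broker that still admits anonymous clients is either an older build or explicitly configured that way.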

Thanks

Impact

Access to client data, and the possibility to write messages to the unauthenticated MQTT broker.