TLS certificate verification is skipped when connecting to a MQTT server. This allows an attacker who can MITM the connection to read, or forge, messages passed between the client and server.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hybridgroup/gobot | lt | 1.12.1-0.20190521122906-c1aa4f867846 |