Insecure MQTT Broker Connection Vulnerability in Android Client Application

Insecure MQTT Broker Connection Vulnerability in Android Client Application

CVE-2023-45851 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.  This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

Learn more about our Cis Benchmark Audit For Google Android.