Dear Sir, recently we found the vulnerability named unauthorized retained message in Mosquitto version 1.6.9. Following is the detailed description.

1. We edit the ACL file and allow the adversary to connect to the server and publish messages to topic A.
2. Then, the adversary publishes a malicious message to topic A with the retained flag.
3. Next, we edit the ACL file and delete the authorization so the adversary cannot send messages to topic A, and send a SIGHUP signal to mosquitto to reload the ACL file.
4. However, when the victim subscribes to topic A, he receives the retained message that the adversary left before.

We believe that when the adversary loses the authorization to send messages to topic A, the retained message he registered before should be cleared.
If you have the `check_retain_source` option enabled, the originator of the retained message is checked before it is delivered to other clients. This was introduced in version 1.5.6.
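The following toy model, added here and not Mosquitto's own code, walks through the four steps of the report above with and without the behaviour the reply attributes to `check_retain_source`: the retained message is stored together with its originator, and on delivery the originator's current write permission is re-checked. The `Broker` class, its ACL representation (a username to writable-topics map) and the `scenario` helper are assumptions for illustration only.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical model of a broker's retained-message path; NOT Mosquitto's
# implementation. The ACL is simplified to "username -> topics it may write".


@dataclass
class Retained:
    topic: str
    payload: bytes
    source: str  # username of the client that published the retained message


@dataclass
class Broker:
    acl: dict[str, set[str]]
    check_retain_source: bool = False
    retained: dict[str, Retained] = field(default_factory=dict)

    def can_write(self, user: str, topic: str) -> bool:
        return topic in self.acl.get(user, set())

    def publish(self, user: str, topic: str, payload: bytes, retain: bool = False) -> bool:
        """Apply the ACL at publish time; store the message if the retain flag is set."""
        if not self.can_write(user, topic):
            return False
        if retain:
            self.retained[topic] = Retained(topic, payload, user)
        return True

    def reload_acl(self, acl: dict[str, set[str]]) -> None:
        """Stand-in for editing the ACL file and sending SIGHUP."""
        self.acl = acl

    def subscribe(self, topic: str) -> bytes | None:
        """Return the retained payload a new subscriber would receive, or None."""
        msg = self.retained.get(topic)
        if msg is None:
            return None
        # With the source check enabled, a retained message whose originator
        # has lost write permission on the topic is withheld at delivery time.
        if self.check_retain_source and not self.can_write(msg.source, msg.topic):
            return None
        return msg.payload


def scenario(check_retain_source: bool) -> bytes | None:
    """Steps 1-4 of the report with constructed sample data."""
    broker = Broker(acl={"adversary": {"A"}}, check_retain_source=check_retain_source)
    assert broker.publish("adversary", "A", b"stale", retain=True)  # steps 1-2
    broker.reload_acl({})  # step 3: authorization revoked, ACL reloaded
    return broker.subscribe("A")  # step 4: what the victim receives
```

With the check disabled the subscriber still receives the stale payload; with it enabled the delivery is withheld, which is the behaviour the reply describes.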