
Carolina Adaros

Researcher from Bosch PSIRT
#37649 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2019-12494
7.5
2019-09-11
Eclipse · Eclipse Paho Java Client Library · CVE-2019-11777
**Name of the Vulnerable Software and Affected Versions**

Eclipse Paho Java client library version 1.2.0

**Description**

The issue arises when connecting to an MQTT server using TLS and setting a host name verifier in the Eclipse Paho Java client library. The result of the host name verification is not checked, which could allow one MQTT server to impersonate another, providing the client library with incorrect information.

**Recommendations**

For Eclipse Paho Java client library version 1.2.0, consider updating to a newer version that includes a fix for this issue, as the current version does not properly check the result of the host name verification when connecting to an MQTT server using TLS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.