CVE-2023-45220

Name of the Vulnerable Software and Affected Versions Android Client (affected versions not specified)

Description The Android Client application uses the HTTP protocol to retrieve sensitive information, including IP addresses and credentials to connect to a remote MQTT broker entity, instead of HTTPS. This occurs when the application is enrolled using the method where the user manually inserts the server IP address. The use of HTTP for this purpose is not configurable by the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.