TLS certificate verification is skipped when connecting to a MQTT server. This allows an attacker who can MITM the connection to read, or forge, messages passed between the client and server.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0083" }