The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.

Related CVEs

CVE-2023-45220

Key Information

GHSA ID

GHSA-q6g6-cfvx-2c7g

Published

October 25, 2023 6:32 PM

Last Modified

November 6, 2023 3:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.