Managing authentication
One of MQTT's biggest vulnerabilities is its handling of passwords: they are sent in clear text in the protocol. Nor does MQTT use a pluggable authentication architecture such as the Simple Authentication and Security Layer (SASL). This causes a whole range of problems. If passwords are to be used, the application must persist them; had SASL been used, a hash would most likely have been sufficient. This creates a whole new set of vulnerabilities at the application layer.
The common solution is to use either encryption or out-of-band authentication, or a combination of both, instead. But out-of-band authentication is not a standardized part of MQTT, so interoperability problems may become an issue. ...
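Added example, not from the book: a decoder for an MQTT 3.1.1 CONNECT packet that shows the username and password arriving as plain length-prefixed bytes (which is why the transport must be encrypted), beside the broker-side check that persists only a salted PBKDF2 hash rather than the password. The packet, user, password and PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed MQTT 3.1.1 CONNECT packet as it appears on the wire without TLS:
#   10 25              fixed header: CONNECT, remaining length 37
#   00 04 'MQTT' 04    protocol name and protocol level
#   c2 00 3c           flags: username 0x80 | password 0x40 | clean session 0x02; keep-alive 60 s
#   then client id, username and password as length-prefixed strings
SAMPLE = (bytes([0x10, 0x25]) + b"\x00\x04MQTT\x04\xc2\x00\x3c"
          + b"\x00\x09sensor-17" + b"\x00\x05alice" + b"\x00\x07hunter2")

def parse_connect(packet):
    """Decode CONNECT exactly as anyone reading the TCP stream would see it."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    i = 1
    while packet[i] & 0x80:  # skip the variable-length 'remaining length' field
        i += 1
    i += 1
    def read_str():  # MQTT string: 2-byte big-endian length, then raw bytes
        nonlocal i
        n = int.from_bytes(packet[i:i + 2], "big")
        i += 2 + n
        return packet[i - n:i]
    if read_str() != b"MQTT":
        raise ValueError("unexpected protocol name")
    flags = packet[i + 1]
    i += 4  # protocol level, connect flags, 2-byte keep-alive
    info = {"client_id": read_str().decode()}
    if flags & 0x04:  # will flag set: skip will topic and will message
        read_str(); read_str()
    info["username"] = read_str().decode() if flags & 0x80 else None
    info["password"] = read_str() if flags & 0x40 else None  # plain bytes, no protection
    return info

def make_record(password, salt=None):
    """What the broker persists: salt and PBKDF2 hash, never the password itself."""
    salt = salt or os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)}

def authenticate(store, packet):
    """Broker-side check of a CONNECT packet against the hashed credential store."""
    info = parse_connect(packet)
    rec = store.get(info["username"])
    if rec is None or info["password"] is None:
        return False
    cand = hashlib.pbkdf2_hmac("sha256", info["password"], rec["salt"], 100_000)
    return hmac.compare_digest(cand, rec["hash"])

STORE = {"alice": make_record(b"hunter2")}  # constructed broker credential store
```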