I use Mosquitto as my main MQTT broker for my smart home environment. Recently I came across some behavior I should investigate further in near future.

The MQTT clients did not authenticate to broker with a correct password. But the clients were accepted, at least for a short period of time. After that the clients were disconnected. During this short time, the devices could receive and sent messages without being authenticated. hm…..