It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn"t correctly validate MQTT connection authentication. This allowed anyone to login to an existing user account without having to provide a password.