The remote Debian host is missing a security-related update.
Three vulnerabilities were discovered in the Mosquitto MQTT broker, which could result in authentication bypass. Please refer to https://mosquitto.org/blog/2019/02/version-1-5-6-released/ for additional information.
Upgrade the mosquitto packages. For the stable distribution (stretch), these problems have been fixed in version 1.4.10-3+deb9u3.