Inadequate Encryption Strength
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The web app is configured to use an outdated TLS version (1.0 or 1.1), which lacks modern security protections. This makes encrypted connections to your app vulnerable to known attacks.
Impact
Attackers could exploit weaknesses in old TLS versions to intercept or manipulate sensitive data in transit, potentially exposing user information or credentials. This compromises the confidentiality and integrity of your application’s communications and may violate compliance requirements.
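The misconfiguration described above can be checked in code as well as in server settings; the following is an added example, not part of the original rule, and it assumes an application that terminates TLS itself with Python's standard `ssl` module. The function names `legacy_versions_enabled` and `hardened_server_context` are illustrative.

```python
import ssl

# The two protocol versions this finding flags, each paired with the
# per-version opt-out flag that older code sets instead of minimum_version.
LEGACY = (
    ("TLS 1.0", ssl.TLSVersion.TLSv1, ssl.OP_NO_TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1, ssl.OP_NO_TLSv1_1),
)


def legacy_versions_enabled(ctx):
    """Return the legacy TLS versions that ctx's settings still allow.

    Inspects only the Python-level settings (minimum_version,
    maximum_version, options); a system-wide OpenSSL policy may be
    stricter than what is reported here.
    """
    floor = ctx.minimum_version
    ceiling = ctx.maximum_version
    enabled = []
    for name, version, no_flag in LEGACY:
        # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels, not real
        # versions: they mean "no floor" and "no cap" respectively.
        above_floor = floor == ssl.TLSVersion.MINIMUM_SUPPORTED or floor <= version
        below_cap = ceiling == ssl.TLSVersion.MAXIMUM_SUPPORTED or version <= ceiling
        masked = bool(ctx.options & no_flag)
        if above_floor and below_cap and not masked:
            enabled.append(name)
    return enabled


def hardened_server_context():
    """Server-side context that refuses anything older than TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    # An empty list means neither TLS 1.0 nor TLS 1.1 is allowed.
    print(legacy_versions_enabled(hardened_server_context()))
```

A check like this can run in a unit test or at startup so that a context allowing TLS 1.0 or 1.1 fails before deployment.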