Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Google Cloud Load Balancer is configured to allow outdated versions of TLS, rather than enforcing at least TLS 1.2. This weakens the security of encrypted connections to your services.
Impact#
Allowing insecure TLS versions exposes data in transit to interception or tampering by attackers, potentially leading to sensitive information leaks or man-in-the-middle attacks against users of your application.