Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The CloudFront distribution is configured to allow outdated TLS versions (below 1.2), which are no longer secure. This makes it possible for attackers to exploit weaknesses in older encryption protocols when clients connect to your service.
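One way to check for this condition, as an added example that is not part of the original rule: a Python audit of the `ViewerCertificate` block of a CloudFront `DistributionConfig`. The distribution IDs, certificate ARNs and function names are constructed for illustration; it also covers the case where the default `*.cloudfront.net` certificate forces the TLSv1 policy.

```python
# Added example: audits the ViewerCertificate block of a CloudFront
# DistributionConfig. All sample data below is constructed.

# Security policy names that still let viewers negotiate TLS below 1.2.
WEAK_POLICIES = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}


def audit_viewer_tls(distribution_config):
    """Return findings (empty list = compliant) for one DistributionConfig."""
    cert = distribution_config.get("ViewerCertificate") or {}
    policy = cert.get("MinimumProtocolVersion")

    if cert.get("CloudFrontDefaultCertificate"):
        # Edge case: with the default *.cloudfront.net certificate, CloudFront
        # applies the TLSv1 policy whatever MinimumProtocolVersion says.
        return ["default CloudFront certificate: effective policy is TLSv1"]
    if policy is None:
        return ["MinimumProtocolVersion is not set"]
    if policy in WEAK_POLICIES:
        return [f"MinimumProtocolVersion {policy} allows TLS below 1.2"]
    if not policy.startswith(("TLSv1.2", "TLSv1.3")):
        return [f"unrecognised policy {policy!r}: review manually"]
    return []


# Constructed samples, keyed by hypothetical distribution IDs.
SAMPLES = {
    "E-LEGACY": {"ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example",
        "SSLSupportMethod": "sni-only",
        "MinimumProtocolVersion": "TLSv1.1_2016"}},
    "E-DEFAULT": {"ViewerCertificate": {
        "CloudFrontDefaultCertificate": True,
        "MinimumProtocolVersion": "TLSv1.2_2021"}},
    "E-HARDENED": {"ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example",
        "SSLSupportMethod": "sni-only",
        "MinimumProtocolVersion": "TLSv1.2_2021"}},
}


def audit_all(samples):
    """Map each distribution ID to its findings."""
    return {dist_id: audit_viewer_tls(cfg) for dist_id, cfg in samples.items()}


if __name__ == "__main__":
    for dist_id, findings in audit_all(SAMPLES).items():
        print(dist_id, "FAIL" if findings else "PASS", findings)
```

The function takes the `DistributionConfig` object itself, so output from the CloudFront API can be passed in after selecting that key.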
Impact
Allowing insecure TLS versions can lead to sensitive data being intercepted or tampered with during transmission. Attackers could eavesdrop on user information, compromise data integrity, or downgrade connections to exploit known cryptographic vulnerabilities, putting both users and your organization at risk.