Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The load balancer is configured to allow insecure TLS versions (less than 1.2) or permits unencrypted HTTP traffic without forcing HTTPS redirection. This exposes sensitive data to potential interception during transmission.
Impact#
Attackers could intercept, read, or modify data sent between clients and your service, leading to data breaches, credential theft, or manipulation of traffic. This compromises user privacy and can violate compliance requirements.