Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The API Gateway domain is configured to use an outdated or insecure version of TLS instead of TLS 1.2. This weakens the encryption used to protect data transmitted between clients and your API.
Impact#
Using older TLS versions exposes sensitive data to interception or tampering by attackers, as these versions have known vulnerabilities. This could lead to data breaches, loss of confidentiality, and non-compliance with security standards.