Inadequate Encryption Strength
| Property | |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The configuration allows insecure SSL/TLS versions (older than TLS 1.2), which are outdated and have known security weaknesses. Only TLS 1.2 or 1.3 should be enabled to ensure secure encrypted connections.
Impact#
If insecure SSL/TLS versions are allowed, attackers could exploit known vulnerabilities to intercept or manipulate sensitive data, potentially leading to data breaches or compromised user information. This weakens the overall security of your application and exposes users to significant risk.