Use of a Broken or Risky Cryptographic Algorithm
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Medium |
Description#
The TLS configuration is missing a minimum protocol version, which means the server or client may allow insecure, outdated versions like TLS 1.0 or 1.2. This leaves encrypted connections vulnerable to known attacks on older TLS protocols.
Impact#
If exploited, attackers could intercept or manipulate sensitive data by exploiting weaknesses in outdated TLS versions. This can lead to data breaches, loss of confidentiality or integrity, and failure to comply with security standards.