Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Using DefaultHttpClient is insecure because it is deprecated and does not support modern TLS 1.2 encryption. This means data sent over the network may not be properly protected.
Impact#
Attackers could intercept or tamper with sensitive information transmitted by your application, leading to data leaks or man-in-the-middle attacks. This can result in exposure of user credentials or other confidential data.