Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code enables unsafe TLS renegotiation by setting the `sun.security.ssl.allowUnsafeRenegotiation` system property to true. This weakens the security of encrypted connections and makes them vulnerable to interception.
Impact
Allowing unsafe TLS renegotiation lets attackers inject malicious data into secure connections, potentially leading to man-in-the-middle attacks. Sensitive information could be exposed or tampered with, putting both user data and application integrity at risk.
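The flagged setting beside a startup check that refuses to run with it, as an added example that is not part of the original rule page. The class name `RenegotiationGuard` and its methods are hypothetical. The check also catches the property being supplied on the command line with `-D`, which a scan of the source code alone would not see.

```java
public final class RenegotiationGuard {
    // System property named in the finding above.
    static final String UNSAFE_RENEG = "sun.security.ssl.allowUnsafeRenegotiation";

    // Flagged pattern (what the rule reports; remove it from the code base):
    //   System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
    //
    // Corrected form: do not set the property at all, so the JVM default applies.

    /** True when the property is "true" (case-insensitive), whether set in code or with -D. */
    static boolean unsafeRenegotiationEnabled() {
        return Boolean.getBoolean(UNSAFE_RENEG);
    }

    /** Call once at startup, before any SSLContext or TLS socket is created. */
    static void enforce() {
        if (unsafeRenegotiationEnabled()) {
            throw new IllegalStateException(
                UNSAFE_RENEG + "=true is not permitted; remove the override");
        }
    }

    public static void main(String[] args) {
        enforce(); // passes when the JVM was started without the override

        // Constructed scenario: simulate the flagged code path having run.
        System.setProperty(UNSAFE_RENEG, "true");
        try {
            enforce();
            throw new AssertionError("guard did not trigger");
        } catch (IllegalStateException expected) {
            System.out.println("blocked: " + expected.getMessage());
        } finally {
            System.clearProperty(UNSAFE_RENEG); // leave the JVM as we found it
        }
    }
}
```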