Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code creates SSL connections that allow outdated protocols like SSL v2, SSL v3, or TLS v1, which are no longer secure. These older protocols have known vulnerabilities and should be explicitly disabled in favor of TLS 1.2 or TLS 1.3.
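The following is an added example, not code from this rule page or from the scanner: it contrasts a socket that keeps the runtime's default protocol list with one restricted to TLS 1.2 and TLS 1.3. The class name `TlsProtocolPinning` and its method names are hypothetical, and the sockets are left unconnected so the example runs offline.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class TlsProtocolPinning {
    // Protocol versions this example accepts; everything else is dropped.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Weak form: the enabled protocols are whatever the JVM version and its
    // security configuration allow, so legacy versions can remain negotiable.
    static SSLSocket createDefaultSocket() throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        return (SSLSocket) factory.createSocket(); // unconnected socket
    }

    // Hardened form: explicitly enable only TLS 1.2 / 1.3, and fail closed
    // if the runtime supports neither instead of falling back silently.
    static SSLSocket createRestrictedSocket() throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null); // default key and trust managers
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();

        List<String> supported = Arrays.asList(socket.getSupportedProtocols());
        List<String> enabled = new ArrayList<>();
        for (String protocol : ALLOWED) {
            if (supported.contains(protocol)) {
                enabled.add(protocol);
            }
        }
        if (enabled.isEmpty()) {
            socket.close();
            throw new IllegalStateException("Runtime supports neither TLSv1.2 nor TLSv1.3");
        }
        socket.setEnabledProtocols(enabled.toArray(new String[0]));
        return socket;
    }

    public static void main(String[] args) throws Exception {
        try (SSLSocket weak = createDefaultSocket(); SSLSocket strong = createRestrictedSocket()) {
            System.out.println("default:    " + Arrays.toString(weak.getEnabledProtocols()));
            System.out.println("restricted: " + Arrays.toString(strong.getEnabledProtocols()));
        }
    }
}
```

Comparing the two printed lists on the deployment JVM shows which legacy versions the default configuration would still negotiate.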
Impact
If exploited, attackers could intercept or tamper with sensitive data in transit, perform man-in-the-middle attacks, or decrypt confidential information. This can lead to data breaches, loss of user trust, and regulatory compliance issues.