Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code configures the client to use insecure or outdated TLS/SSL protocols (such as TLSv1 or any SSL version) for network communication. These protocols are deprecated and have known vulnerabilities that attackers can exploit.
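The flagged pattern next to a hardened client configuration, with a check that lists which deprecated protocols a configuration would still offer. This is an added example, not code from the rule's own documentation; the class and method names are hypothetical and it assumes Java 11 or later with the default JSSE provider.

```java
import java.net.http.HttpClient;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsClientConfig { // hypothetical class name
    // JSSE names of the deprecated protocol versions.
    private static final Set<String> DEPRECATED =
            Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    // Flagged pattern: the context is requested by a deprecated protocol name.
    static SSLContext weakContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        ctx.init(null, null, null); // default key and trust managers
        return ctx;
    }

    // Hardened form: modern context plus an explicit protocol allow-list, so
    // the result does not depend on which versions the runtime enables by default.
    static HttpClient hardenedClient() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(null, null, null);
        SSLParameters params = new SSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        return HttpClient.newBuilder().sslContext(ctx).sslParameters(params).build();
    }

    // Check: deprecated protocols a client engine would offer for this
    // context once the given parameters (may be null) are applied.
    static List<String> deprecatedEnabled(SSLContext ctx, SSLParameters params) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        if (params != null) engine.setSSLParameters(params);
        return Arrays.stream(engine.getEnabledProtocols())
                .filter(DEPRECATED::contains).sorted().collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        // Output varies with the JDK's jdk.tls.disabledAlgorithms setting.
        System.out.println("weak:     " + deprecatedEnabled(weakContext(), null));
        HttpClient c = hardenedClient();
        System.out.println("hardened: " + deprecatedEnabled(c.sslContext(), c.sslParameters()));
    }
}
```

On a runtime that already disables TLSv1 through `jdk.tls.disabledAlgorithms`, the weak context may list nothing; the explicit allow-list keeps the hardened client correct on runtimes that do not.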
Impact
Using weak transport protocols allows attackers to intercept or manipulate sensitive data sent between the client and server, potentially leading to data theft, account compromise, or unauthorized access to confidential information. This can expose users and the organization to data breaches and compliance violations.