Inadequate Encryption Strength
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code creates SSL/TLS connections using outdated protocol versions such as SSL, TLS 1.0, or TLS 1.1, which are no longer considered secure. Modern best practice is to use TLS 1.2 or newer to protect data in transit.
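The flagged pattern next to a corrected form, as an added example that is not part of the original rule page or the scanner's own code. The class and method names are hypothetical, and it assumes Java 9+ with the default JSSE provider.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;

// Hypothetical class name, used only for this illustration.
public class TlsProtocolExample {
    // Protocol versions this example accepts: TLS 1.2 or newer.
    private static final List<String> ALLOWED = List.of("TLSv1.3", "TLSv1.2");

    // Flagged pattern: the context is requested by an outdated protocol name.
    // The same applies to "SSL", "SSLv3" and "TLSv1.1".
    static SSLContext weakContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return ctx;
    }

    // Corrected form: request TLS 1.2 as the context protocol.
    static SSLContext strongContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        return ctx;
    }

    // Defence in depth: pin the enabled protocols on the engine itself,
    // so older versions cannot be negotiated even if the provider's
    // defaults would allow them.
    static SSLEngine hardenedEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        String[] enabled = Arrays.stream(engine.getSupportedProtocols())
                .filter(ALLOWED::contains)
                .toArray(String[]::new);
        if (enabled.length == 0) {
            // Fail closed instead of falling back to an older protocol.
            throw new IllegalStateException("No TLS 1.2+ support in this runtime");
        }
        engine.setEnabledProtocols(enabled);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = hardenedEngine(strongContext());
        System.out.println("Enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The same `setEnabledProtocols` call exists on `SSLSocket` and `SSLServerSocket`, so the filter can be applied to socket-based code as well.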
Impact
Using weak encryption protocols exposes sensitive data to interception or tampering by attackers, as these protocols have known vulnerabilities. This could allow attackers to read, modify, or steal confidential information, putting users and the organization at risk of data breaches.