Inadequate Encryption Strength
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using `DefaultHttpClient` in Java is insecure because it is deprecated and does not support modern, secure TLS protocols like TLS 1.2. This means sensitive data sent over HTTP connections may not be properly protected.
Impact
Attackers could intercept or tamper with data transmitted between your application and servers, potentially exposing confidential information such as passwords, personal data, or API keys. This puts users and the organization at risk of data breaches and compliance violations.
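The following is an added example, not code from this page or from the scanner that produces this finding. It shows the flagged pattern as a comment and one possible replacement: the JDK's own `java.net.http.HttpClient` restricted to TLS 1.2 and TLS 1.3, with an offline check that no legacy protocol remains enabled. It assumes Java 11 or later; the class name `TlsClientExample` and its method names are hypothetical.

```java
import java.net.http.HttpClient;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsClientExample {
    // Flagged pattern (Apache HttpClient 4.x, deprecated class):
    //   org.apache.http.client.HttpClient client = new DefaultHttpClient();

    // Only these protocol versions may be negotiated.
    private static final String[] ALLOWED = {"TLSv1.3", "TLSv1.2"};
    private static final List<String> LEGACY = List.of("SSLv3", "TLSv1", "TLSv1.1");

    static SSLParameters strictParameters() {
        SSLParameters params = new SSLParameters();
        params.setProtocols(ALLOWED);
        return params;
    }

    // Replacement client: default trust store, explicit protocol allow-list.
    static HttpClient buildClient() throws NoSuchAlgorithmException {
        return HttpClient.newBuilder()
                .sslContext(SSLContext.getDefault())
                .sslParameters(strictParameters())
                .connectTimeout(Duration.ofSeconds(10))
                .build();
    }

    // Applies the same parameters to an SSLEngine and reports what is left enabled.
    static List<String> effectiveProtocols() throws NoSuchAlgorithmException {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setSSLParameters(strictParameters());
        return Arrays.asList(engine.getEnabledProtocols());
    }

    public static void main(String[] args) throws Exception {
        HttpClient client = buildClient();
        System.out.println("client: " + Arrays.toString(client.sslParameters().getProtocols()));
        List<String> enabled = effectiveProtocols();
        for (String p : enabled) {
            if (LEGACY.contains(p)) throw new IllegalStateException("legacy protocol enabled: " + p);
        }
        System.out.println("engine: " + enabled);
    }
}
```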