Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code creates an HTTPS server without explicitly disabling outdated protocols like SSL v2, SSL v3, and TLS v1. These protocols are insecure and can expose connections to known attacks.
Impact#
If exploited, attackers could intercept or manipulate sensitive data transmitted over HTTPS, potentially leading to data theft, session hijacking, or man-in-the-middle attacks. This compromises both user privacy and application security.