Improper Certificate Validation
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code creates an SSL context that skips certificate verification, allowing connections to servers without checking their identity. This makes the connection susceptible to man-in-the-middle attacks.
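The flagged pattern next to a verifying context, with a small audit check, as an added example that is not part of the original rule page. It assumes Python's standard `ssl` module, since the page does not name a language; the function names are hypothetical.

```python
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """The pattern the rule describes: certificate verification is skipped."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from any issuer, is accepted
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Half-fixed variant: the chain is validated but the server name is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # a valid certificate for another host still passes
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verifying context: CERT_REQUIRED plus hostname checking.

    cafile is an optional private CA bundle path (assumption: only needed
    when the server certificate is issued by an internal CA).
    """
    return ssl.create_default_context(cafile=cafile)


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons a context would accept an unverified peer."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    return findings


if __name__ == "__main__":
    for name, ctx in [
        ("insecure", insecure_context()),
        ("unverified helper", ssl._create_unverified_context()),
        ("chain only", chain_only_context()),
        ("hardened", hardened_context()),
    ]:
        print(f"{name}: {audit_context(ctx) or 'ok'}")
```

Calling `audit_context` on a context just before it is used to open a connection (for example in a unit test) catches both the fully disabled case and the chain-only case.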
Impact
If exploited, attackers could intercept or alter sensitive data transmitted over supposedly secure connections, potentially leading to data breaches, credential theft, or loss of integrity and confidentiality for users and the application.