Inadequate Encryption Strength
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses outdated or insecure SSL/TLS versions (such as SSLv2, SSLv3, TLSv1.0, or TLSv1.1) for secure connections. These protocols are deprecated and contain known vulnerabilities that make encrypted communications unsafe.
Impact
Attackers could exploit weaknesses in these old protocols to intercept or manipulate sensitive data, perform man-in-the-middle attacks, or decrypt confidential information. This can lead to data breaches, loss of user trust, and regulatory compliance violations.
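
The finding described above, shown as a weak setting beside a corrected one, with a small audit helper. This is an added example, not code from the original page or from the scanner: the page names no language, so Python's standard `ssl` module, the TLS 1.2 floor and all three function names are assumptions.

```python
import ssl
import warnings

# Versions the description lists as deprecated. SSLv2 has no TLSVersion
# member: Python's ssl module cannot negotiate it at all.
DEPRECATED = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def weak_client_context():
    """Pattern this rule flags: the protocol floor is lowered to TLS 1.0."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with warnings.catch_warnings():
        # Python 3.10+ warns when a deprecated version is selected.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def hardened_client_context():
    """Corrected form: certificate checks on, nothing below TLS 1.2 (assumed floor)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return names of deprecated versions inside the context's configured range."""
    floor, ceiling = ctx.minimum_version, ctx.maximum_version
    # The two sentinels mean "whatever the linked OpenSSL supports".
    if floor == ssl.TLSVersion.MINIMUM_SUPPORTED:
        floor = ssl.TLSVersion.SSLv3
    if ceiling == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        ceiling = ssl.TLSVersion.TLSv1_3
    return [v.name for v in DEPRECATED if floor <= v <= ceiling]


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()),
                       ("hardened", hardened_client_context())):
        print(label, audit_context(ctx) or "no deprecated versions allowed")
```

The audit reads only the range configured on the context; the linked OpenSSL build or system policy may restrict it further.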