Improper Certificate Validation
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Using `HTTPSConnection` in Python without proper SSL certificate verification leaves the connection unauthenticated: the client cannot tell the intended server from an impostor. The risk is greatest in older Python versions, where certificates are not checked by default. This makes it easier for attackers to intercept or tamper with sensitive data during transmission.
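The weak setting beside the corrected one, as an added example that is not part of the original rule page. The function names (`weak_context`, `strict_context`, `context_problems`, `open_https`) are illustrative, and `example.com` is a constructed host that is never contacted.

```python
import http.client
import ssl


def weak_context():
    """The pattern this rule flags: a context with verification switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def strict_context():
    """Corrected form: system CA bundle, chain and hostname both verified."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_problems(ctx):
    """Return the validation gaps in an SSLContext (empty list means none)."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems


def open_https(host, port=443, context=None, timeout=10):
    """Build an HTTPSConnection, refusing any context that skips validation.

    Always passing an explicit context avoids depending on interpreter
    defaults. No network traffic happens until a request is sent.
    """
    ctx = context if context is not None else strict_context()
    problems = context_problems(ctx)
    if problems:
        raise ValueError("refusing TLS context: " + "; ".join(problems))
    return http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)


if __name__ == "__main__":
    print(context_problems(weak_context()))    # both gaps reported
    print(context_problems(strict_context()))  # no gaps
    conn = open_https("example.com")           # constructed host, not contacted
    print(type(conn).__name__)
```

A context that keeps `CERT_REQUIRED` but clears `check_hostname` is also rejected, since a valid certificate issued for any other host would then be accepted.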
Impact
If SSL certificates are not verified, attackers could perform man-in-the-middle attacks, intercepting or altering confidential data such as login credentials or personal information. This could lead to data breaches, loss of user trust, and potential legal or compliance issues for your organization.