Improper Certificate Validation
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
The code disables SSL/TLS certificate verification when making HTTPS connections, allowing connections to servers without checking their identity. This makes the connection vulnerable to attackers impersonating trusted servers.
Impact#
Attackers could intercept or modify sensitive data by performing man-in-the-middle attacks, leading to credential theft, data exposure, or unauthorized access. This undermines the security of any data transmitted over these connections and exposes users and the application to significant risk.