Improper Certificate Validation
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Disabling SSL certificate verification in HTTP requests (passing `verify=False` to the requests library) allows connections to servers without confirming their identity. The application then accepts any certificate the server presents, so it cannot tell the intended server from an impostor.
Impact
Attackers could intercept or manipulate network traffic (man-in-the-middle attacks), potentially stealing sensitive data or injecting malicious content. This undermines the security guarantees of HTTPS and puts user data and application integrity at risk.