Improper Certificate Validation
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Disabling SSL certificate verification (using SSL_VERIFY_NONE) means the application will accept any server certificate, even if it is invalid or malicious: the connection is still encrypted, but the identity of the peer is never checked. This undermines the security of encrypted connections.
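The pattern this rule flags, side by side with the corrected configuration, as an added example (not code from the rule's page or from any project it scans). It uses Ruby's OpenSSL binding, where the constant appears as `OpenSSL::SSL::VERIFY_NONE`; the function names, the `ca_file:` parameter and the small source-scanning helper are assumptions introduced for illustration.

```ruby
require 'openssl'

# VULNERABLE (assumed illustration): the peer certificate is never checked,
# so any certificate, including one presented by a man-in-the-middle, is accepted.
def insecure_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ctx
end

# HARDENED (assumed illustration): verify the chain against a trust store and
# check that the certificate matches the hostname being connected to.
# ca_file: optional path to a PEM bundle; when nil the system default store is used.
def secure_context(ca_file: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER   # reject untrusted or invalid chains
  ctx.verify_hostname = true                    # reject certs issued for another host
  store = OpenSSL::X509::Store.new
  if ca_file
    store.add_file(ca_file)                     # pin to an explicit CA bundle
  else
    store.set_default_paths                     # use the platform trust store
  end
  ctx.cert_store = store
  # Older openssl gems lack min_version=; guard so the example runs everywhere.
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION if ctx.respond_to?(:min_version=)
  ctx
end

# Runtime guard for tests or CI: true only when both chain and hostname
# verification are enabled on the context.
def context_verifies_peer?(ctx)
  ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER && ctx.verify_hostname == true
end

# Minimal static check: returns the 1-based line numbers of a source string
# that assign VERIFY_NONE (the same thing this rule detects, in simplified form).
def flag_verify_none(source)
  source.each_line.with_index(1).select { |line, _| line =~ /VERIFY_NONE/ }.map { |_, n| n }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample source, not taken from any real project.
  sample = "http.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n"
  puts "VERIFY_NONE found on lines: #{flag_verify_none(sample).inspect}"
  puts "secure_context verifies peer: #{context_verifies_peer?(secure_context)}"
  puts "insecure_context verifies peer: #{context_verifies_peer?(insecure_context)}"
end
```

With Net::HTTP the same settings are passed as options to `Net::HTTP.start(host, 443, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, cert_store: store)`; the fix is never to switch the mode to VERIFY_NONE to silence a certificate error, but to install the correct CA bundle so verification succeeds.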
Impact
Attackers could intercept or manipulate sensitive data by performing man-in-the-middle (MitM) attacks, potentially leading to credential theft, data leakage, or injection of malicious content. This exposes users and the organization to serious security risks.