Improper Certificate Validation
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code configures the reqwest HTTP client to accept invalid TLS certificates or hostnames, effectively disabling secure server identity verification. This allows connections to potentially untrusted or malicious servers.
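An added example (not part of the original rule page or of reqwest): a standard-library-only Rust check that scans source text for the two `reqwest::ClientBuilder` calls that turn off certificate and hostname validation. The sample sources, the `internal-ca.pem` file name and the line-based matching are assumptions made for this illustration.

```rust
/// reqwest::ClientBuilder methods that switch off server identity checks.
const DANGER_CALLS: [&str; 2] = [
    "danger_accept_invalid_certs",
    "danger_accept_invalid_hostnames",
];

/// Constructed sample: both checks disabled, the pattern this rule reports.
const WEAK_SRC: &str = r#"
let client = reqwest::Client::builder()
    .danger_accept_invalid_certs(true)
    .danger_accept_invalid_hostnames(true)
    .build()?;
"#;

/// Constructed sample: validation left on, private CA trusted explicitly.
const FIXED_SRC: &str = r#"
// was: .danger_accept_invalid_certs(true)
let ca = reqwest::Certificate::from_pem(&std::fs::read("internal-ca.pem")?)?;
let client = reqwest::Client::builder()
    .add_root_certificate(ca)
    .danger_accept_invalid_certs(false)
    .build()?;
"#;

/// Returns (1-based line, method) for each flagged call passed `true`.
/// Line-based heuristic (an assumption of this example), not a Rust parser.
fn find_disabled_validation(src: &str) -> Vec<(usize, &'static str)> {
    let mut hits = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        // Drop line comments so commented-out code is not reported.
        let code = raw.split("//").next().unwrap_or("");
        // Strip whitespace so `( true )` matches too.
        let compact: String = code.chars().filter(|c| !c.is_whitespace()).collect();
        for name in DANGER_CALLS {
            if compact.contains(format!("{}(true)", name).as_str()) {
                hits.push((idx + 1, name));
            }
        }
    }
    hits
}

fn main() {
    for (line, name) in find_disabled_validation(WEAK_SRC) {
        println!("weak sample line {}: {}(true) turns off a TLS identity check", line, name);
    }
    assert!(find_disabled_validation(FIXED_SRC).is_empty());
}
```

The fixed sample keeps reqwest's default validation and adds the internal CA with `add_root_certificate`, which is the usual replacement when the `danger_*` switches were introduced to work around a private or self-signed certificate.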
Impact
Attackers could intercept or manipulate data exchanged with external services, perform man-in-the-middle attacks, or impersonate trusted servers. This can lead to data leakage, credential theft, or compromise of sensitive application functionality.