Improper Certificate Validation
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-295: Improper Certificate Validation |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code is configuring a TLS client using dangerous settings that bypass or replace standard certificate verification. This can disable critical SSL checks, making connections insecure.
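The bypass case described above, shown beside a safe configuration and a small audit check. This is an added example, not part of the rule's own documentation; the page names no language, so Python's standard `ssl` module is an assumption, and all function names are hypothetical.

```python
from __future__ import annotations

import ssl
from typing import Optional


def insecure_client_context() -> ssl.SSLContext:
    """The kind of configuration this rule flags: verification switched off."""
    ctx = ssl.create_default_context()
    # check_hostname must be cleared first, otherwise setting CERT_NONE raises.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is no longer validated
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Default client context: chain validation and hostname checks stay on.

    For a private CA, pass its bundle via cafile instead of disabling checks.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def audit_client_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the certificate-validation checks that ctx has disabled."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            f"verify_mode is {ctx.verify_mode.name}, not CERT_REQUIRED"
        )
    if not ctx.check_hostname:
        findings.append("check_hostname is False")
    return findings


if __name__ == "__main__":
    for name, ctx in [("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())]:
        print(name, audit_client_context(ctx) or "no findings")
```

Calling `audit_client_context` at startup or in a unit test catches a context that was weakened after construction, which a source-level rule alone may miss.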
Impact
If exploited, attackers could intercept or manipulate encrypted traffic using man-in-the-middle attacks, potentially exposing sensitive data or allowing session hijacking. This compromises the confidentiality and integrity of client-server communications.