SSL connection uses insecure settings. The established connection is insecure and can cause a compromise of valuable data.

The SSLv2, SSLv23, SSLv3, TLSv1.0 and TLSv1.1 protocols contain several flaws that make them insecure, so they should not be used to transmit sensitive data.

The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols provide a protection mechanism to ensure the authenticity, confidentiality and integrity of data transmitted between a client and web server. Both TLS and SSL have undergone revisions resulting in periodic version updates. Each new revision was designed to address the security weaknesses discovered in the previous versions. Use of an insecure version of TLS/SSL will weaken the strength of the data protection and could allow an attacker to compromise, steal, or modify sensitive information.

Weak versions of TLS/SSL may exhibit one or more of the following properties: * No protection against man-in-the-middle attacks * Same key used for authentication and encryption * Weak message authentication control * No protection against TCP connection closing

The presence of these properties may allow an attacker to intercept, modify, or tamper with sensitive data.

Android : Cookie: not HttpOnly

DerScanner Severity Score

Do you want to fix Android : Cookie: not HttpOnly in your application?

See also