DerScanner
Home / Vulnerability Database / Config files : Unsafe SSL settings
Config files

Config files : Unsafe SSL settings

Classification

OWASP Mobile Top 10 2014
M3-Insufficient Transport Layer Protection
OWASP Mobile Top 10 2016
M3-Insecure Communication
OWASP MASVS
V5: 5.2.(L1/L2/L1+R/L2+R)
PCI DSS 4.0
2.2.54.2.16.2.4
HIPAA
§164.312 (e)(1)
CWE
CWE-295

Overview

The application establishes the SSL connection with insecure settings.

To establish a secure connection the application must verify that the certificate corresponds to the requested host, the certificate term has not expired, and that the chain of trust goes back to one of the set in the system trusted root certificates. Disabling any of these checks may lead to compromise of transferred data.

Insecure Communication takes the third place in the “OWASP Mobile Top 10 2016” mobile platforms vulnerabilities ranking.

References

  1. CWE-295: Improper Certificate Validation
  2. OWASP Mobile Top 10 2014: Insufficient Transport Layer Protection
  3. Using Networking Securely - developer.apple.com
  4. OWASP Mobile Top 10 2016-M3-Insecure Communication
CRITICAL

DerScanner Severity Score

Do you want to fix Config files : Unsafe SSL settings in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection