SSL connection uses insecure settings. The established connection is insecure and can cause a compromise of valuable data.

In some libraries that use SSL connections, the server certificate is not verified by default. This is equivalent to trusting all certificates.

The SSLv2, SSLv23, and SSLv3 protocols contain several flaws that make them insecure, so they should not be used to transmit sensitive data. The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols provide a protection mechanism to ensure the authenticity, confidentiality and integrity of data transmitted between a client and web server. Both TLS and SSL have undergone revisions resulting in periodic version updates. Each new revision was designed to address the security weaknesses discovered in the previous versions. Use of an insecure version of TLS/SSL will weaken the strength of the data protection and could allow an attacker to compromise, steal, or modify sensitive information.

Weak versions of TLS/SSL may exhibit one or more of the following properties:

No protection against man-in-the-middle attacks
Same key used for authentication and encryption
Weak message authentication control
No protection against TCP connection closing

The presence of these properties may allow an attacker to intercept, modify, or tamper with sensitive data.

JavaScript : Path manipulation

DerScanner Severity Score

Do you want to fix JavaScript : Path manipulation in your application?

See also